Date:      Thu, 21 Aug 2003 10:46:41 -0400
From:      "Eric W. Bates" <ericx@vineyard.net>
To:        "Andrew Thompson" <andy@fud.org.nz>, "Ralph Forsythe" <rf-list@centerone.com>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: Creating account with SCP ONLY
Message-ID:  <010a01c367f3$08a0dde0$68c311cc@fortiva>
References:  <5.1.0.14.2.20030820232337.02751eb8@mail.centerone.com> <03Aug21.172942nzst.336041@homer.fire.org.nz>


----- Original Message ----- 
From: "Andrew Thompson" <andy@fud.org.nz>
To: "Ralph Forsythe" <rf-list@centerone.com>
Cc: <freebsd-isp@freebsd.org>
Sent: Thursday, August 21, 2003 1:30 AM
Subject: Re: Creating account with SCP ONLY


> On Thu, 2003-08-21 at 17:25, Ralph Forsythe wrote:
> > Since we're talking about limiting ssh access right now...  I need to 
> > create user accounts that cannot use the shell, but can still move files 
> > around via scp/sftp.  We have FTP disabled, and as we start to bring users 
> > online I do not want them having shell capabilities for security reasons.
> > 
> 
> /usr/ports/shells/scponly

I was interested to learn of this port and we tried it this morning, but we can't make it work.

Setting debug level 2 in /usr/local/etc/scponly/debuglevel we get denied:

 ** ericx@king1 ** ~ ** Thu Aug 21 10:40:55
$ scp bdrtest@k2:/usr/local/customers/customers.king2/bdrtest/personal/foo.txt .
bdrtest@king2.vineyard.net's password: 
[48256]: 3 arguments in total.
[48256]:        arg 0 is scponly
[48256]:        arg 1 is -c
[48256]:        arg 2 is scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt
[48256]: opened log at LOG_AUTHPRIV, opts 0x00000029
[48256]: retrieved home directory of "/usr/local/customers/customers.king2/./bdrtest" for user "bdrtest"
[48256]: setting uid to 3575
[48256]: processing request: "scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt"

[48256]: denied request: scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt [username: bdrtest(3575), IP/port: 204.17.195.90 1483 22]

Apparently this question has been asked on the scponly mailing list, but never answered.
