HPE Community
Operating System - HP-UX
1771232 Members
2899 Online
109004 Solutions
New Discussion юеВ

Re: How to disable sftp/scp for user connecting thru SSH?

 
Stan_365
Frequent Advisor

тАО09-26-2006 02:27 PM

тАО09-26-2006 02:27 PM

How to disable sftp/scp for user connecting thru SSH?

Hello,

Is there any way to allow a user list to login system through SSH but disallow file transfering tool after this user list login the system?

My environment is: HP-UX 11iv1, HP Secure Shell A.04.30.014, a group of users have to connect to the server and run specific application thru SSH. We have tried ssh_chroot.sh to restrict this group users to access other file systems, but the chroot function is not welcomed by the application env. i.e. this group users only can run applcation without chroot. And it is too hard for us to change application configuration suitable for the chroot environment.

Thanks in advance,

Stan Du
0 Kudos
Reply
5 REPLIES 5
melvyn burnard
Honored Contributor

тАО09-26-2006 09:24 PM

тАО09-26-2006 09:24 PM

Re: How to disable sftp/scp for user connecting thru SSH?

Posted in wrong forum, moved to more appropriate forum
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
spex
Honored Contributor

тАО09-27-2006 12:04 AM

тАО09-27-2006 12:04 AM

Re: How to disable sftp/scp for user connecting thru SSH?

Hi Stan,

You can disable sftp by commenting out this line:
# Subsystem sftp /opt/ssh/libexec/sftp-server
in /opt/ssh/etc/sshd_config.

I'm not sure that you can disable scp, as its functionality can always be duplicated through ssh:

ssh user@remote-host "cat > remote-file" < local-file

PCS

0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО09-27-2006 12:22 AM

тАО09-27-2006 12:22 AM

Re: How to disable sftp/scp for user connecting thru SSH?

Shalom,

You can do this with tcp wrappers, possibly.

You have to identify the daemon for scp and sftp. Hopefully its not sshd. If its not, you can totally disable it in the /etc/hosts.deny file.

If it is one daemon for all, then its may require you to write some custom code in /etc/profiles or by modifying the ssh_chroot.sh script. I'd look there and see if you can take part of its functionality without going full blown chroot.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Stan_365
Frequent Advisor

тАО09-27-2006 03:35 PM

тАО09-27-2006 03:35 PM

Re: How to disable sftp/scp for user connecting thru SSH?

Thanks PCS & SEP,

I have visited SSH web and got known that it is not possible to deny file transfering while connecting thru SSH. it is also impossible to allow specific user list to use sftp. So i have to give up it.

Stan
0 Kudos
Reply
Dennis E. James
Advisor

тАО09-28-2006 02:08 AM

тАО09-28-2006 02:08 AM

Re: How to disable sftp/scp for user connecting thru SSH?

Just a suggestion put an acl on scp and sftp removing executable privileges for the group those users are in.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.