Tom Henning
Trusted Contributor

scp or sftp via multiple users to common destination

Well, that is a somewhat confusing title, but I'll try for a longer explanation here. On our system we have to transfer data files to another box, outside the firewall, for customers to access the data files from. These files are placed on a separate directory structure. A total of 3 - 4 users actually transfer the files onto the external box, and I am trying to move from a simple ftp to using either scp or sftp for this transfer operation. This is the only use of this external box. Is that any clearer?

The problem is that I would like to make our life easier and set all of the users who transfer the data to a common home directory. This also is no real problem, except when we get into the configuration of the .ssh subdirectory to store allowed authorized keys into. As I understand things, this has to be owned by the individual users and not have read access to anyone else. Conflict here.

Is there any way of getting scp and/or sftp to set a different default directory than the one set by /etc/passwd?

This is between two HP-UX boxes, both running 11i (PA-RISC). In the near future, I will have to change the destination box to Windows Server 2000.

Additional details provided in request, and point will be awarded, of course.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
Geoff Wild
Honored Contributor

Re: scp or sftp via multiple users to common destination

Why not do this:

Create a generic account - one that can only scp/sftp and have the users su - genericid

That way you only need one .ssh, one set of keys, and only 1 userid on the remote server...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Tom Henning
Trusted Contributor

Re: scp or sftp via multiple users to common destination

Geoff:

Wonderful idea, and I would implement it now except for one small problem I did not mention in the original posting. Our IT Security folk are dead-set against **any** type of shared or group account unless there is a very significant business reason for having one. That solution could probably fly, but it would take me two months just to get the paperwork through to get permission to implement it.

I'm still researching it on my end, but it's not looking good right now.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
Geoff Wild
Honored Contributor

Re: scp or sftp via multiple users to common destination

Best way to get approval - make it so the generic account is "no login" - only a defined set of users will be able to su to that account.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Steven E. Protter
Exalted Contributor

Re: scp or sftp via multiple users to common destination

Shalom,

You can do sftp scripting to change the directory.

It's just like an ftp script, just a little different.

ftp -v -n <<EOF
open $1
user $2 $3 0
$4 $5 $6
EOF

becomes

sftp user@hostname <<EOF
$username
$password
cd $directoryname
get $filename
EOF

Something like that.

I think the shared user account is a better idea, but this can be individualized.

A good example of rigid policy causing problems as this method leaves a password hardcoded into a script. With additional code, you can read the password out of a secure file as well.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Tom Henning
Trusted Contributor

Re: scp or sftp via multiple users to common destination

Thanks everyone for the suggestions. The final solution I decided on is a variation of Steven's.

I already have generated key pairs for all of the users and copied these to the correct files so that passwords will not be required. Since the files are moved from one specific machine to another specific machine, I feel this is acceptable and will convince the IT Security folks of this. Yes, I have had all of the users test this so I know I got it right this time.

The next start will be to write a generic script, when I get the time Real Soon Now, to do the copying, like the one Steven suggested above. Since I will not have to put passwords into it in clear text, it should be Good Enough.

Again, thanks for the help and I am sorry about leaving this thread open as long as I did. First I was allowing any more suggestions to be added, then I got interrupted to put out a fire or three.

tom
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
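
A sketch of the generic copy script described in the final post, added here as an example and not code from any poster in the thread: it uses per-user key authentication with sftp batch mode, so no password appears in the script, and changes to the common destination directory explicitly instead of relying on the home directory from /etc/passwd. The host name, directory and function names are assumptions, and `-b -` assumes an OpenSSH-based sftp that accepts a batch on standard input.

```shell
#!/bin/sh
# Added example: generic upload script for the key-based setup in this thread.
# DEST_HOST and DEST_DIR are placeholder values, not taken from the thread.
DEST_HOST="${DEST_HOST:-dropbox.example.com}"
DEST_DIR="${DEST_DIR:-/data/outgoing}"

nl='
'

# Print the sftp batch commands that change to the common directory and
# upload every file named. Fails before anything is sent if a file is
# unreadable or its name would break the batch file's quoting.
batch_commands() {
    dir=$1; shift
    printf 'cd "%s"\n' "$dir"
    for f in "$@"; do
        case $f in
            *'"'*|*"$nl"*) echo "unsafe file name: $f" >&2; return 1 ;;
        esac
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
        printf 'put "%s"\n' "$f"
    done
    printf 'bye\n'
}

upload() {
    [ $# -gt 0 ] || { echo "usage: upload file..." >&2; return 2; }
    cmds=$(batch_commands "$DEST_DIR" "$@") || return 1
    # -b - reads the batch from stdin and aborts on the first failed command.
    # BatchMode=yes makes ssh fail instead of prompting when key
    # authentication does not work, so no password is ever typed or stored.
    printf '%s\n' "$cmds" | sftp -oBatchMode=yes -b - "$DEST_HOST"
}

# Each user runs this under their own login; ssh picks up their own key.
if [ $# -gt 0 ]; then upload "$@"; fi
```

Because every user authenticates with their own key under their own account, the destination's logs still attribute each transfer to an individual, which is the property the shared-account objection was protecting.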