HPE Community
Operating System - HP-UX
1834279 Members
2061 Online
110066 Solutions
New Discussion

scp +sftp only configuration

 
SOLVED
Go to solution
Prashant Zanwar_4
Respected Contributor

‎01-11-2006 05:42 AM

‎01-11-2006 05:42 AM

scp +sftp only configuration

I have ssh2 installed, what I am able to configure is ssh-dummy-shell and chroot for a user on my host which effectively restricts user to sftp..
I want some way where I can allow user scp/sftp & not ssh shell functions.. is it possible? does some one have it working anywhere?

Thanks and regards
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎01-11-2006 07:49 AM

‎01-11-2006 07:49 AM

Solution

Re: scp +sftp only configuration

Shalom Prashant,

If you are using chroot, copy the scp/sftp binaries to each users bin directory, make sure its on the path and you are done.

Effectively, if you can't find ssh, you can't use it. chroot does a good job on that.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Prashant Zanwar_4
Respected Contributor

‎01-11-2006 08:33 AM

‎01-11-2006 08:33 AM

Re: scp +sftp only configuration

I am sorry, but it works otherwise too.. I tested it & scp shows up fine..
Thanks again
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
Reply
Tom Ward_1
Honored Contributor

‎01-11-2006 09:04 AM

‎01-11-2006 09:04 AM

Re: scp +sftp only configuration

Hello Prashant,

If you allow the users to put files in their home directory then there's nothing to stop them from using scp to copy an ssh binary into thier home dir.

I was tempted to offer putting "exit 0" in the .profile file, but with SCP access they can replace it with another one that is not restricted.

Just be sure that the users can't change or add to your secured configuration effectively undoing your restrictions.

Good luck,
Tom
0 Kudos
Reply
Russ Park
Frequent Advisor

‎01-25-2006 01:56 PM

‎01-25-2006 01:56 PM

Re: scp +sftp only configuration

Hi,
question for the original poster, or anyone who wishes to reply:

Tru64's ssh implementation includes a file in /bin called "ssh-dummy-shell" but I cannot find an HPUX equivalent on my system with A.4.10 ssh.

How do I configure?

Thanks,

Russ
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

‎01-25-2006 03:22 PM

‎01-25-2006 03:22 PM

Re: scp +sftp only configuration

The authorized_keys file has the command="command" option. You could use that option for the user's key to restrict the user.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.