
using openssh

 
maafa
Advisor

using openssh

hi all,

I am looking for a minimal sshd_config file which does the following:

ssh protocol 2
restrict ssh interactive root login.
permit scp batch root copy.

thank you
3 REPLIES
Shannon Petry
Honored Contributor

Re: using openssh

As far as I know, you can not have your cake and eat it too. ssh is a function of sftp, and rules apply to scp/ssh and sftp when initiated.

If a user is denied access to ssh, then this applies to scp, and sftp as well.

In this case, perhaps look at an alternate method of doing what you want. I.E.
Have user1 copy batch file, but have root's cron extract/move it when it's done.

regards,
Shannon

Microsoft. When do you want a virus today?
Mark Fenton
Esteemed Contributor

Re: using openssh

Maafa, would you be looking for mandatory RSA authentication (or DSA) and no password?

Shannon is correct in that you can't have one setting for root and another for all others. Though you could a priori deny root login entirely -- though this doesn't sound like what you want.

Perhaps something like

~~~
RhostsAuthentication no
#
RhostsRSAAuthentication no
#
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
~~~

which would disallow rhost and password authentication, but allow RSAAuthentication.

In order to log in as root (or anyone), then, the proper RSA key must be presented.

For more info on these options, read the man page or get the book from O'Reilly -- definitely worth reading.

hth, Mark
Craig Rants
Honored Contributor

Re: using openssh

You can deny users with AllowUsers and DenyUsers directives. They just are not part of the initial sshd_config file.

i.e.

~~~
PermitRootLogin yes
AllowUsers root
~~~

thus root is the only user allowed to use ssh

GL,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
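
Added example, not part of any post in this thread: a small audit of an sshd_config against the three requirements in the question, using `PermitRootLogin forced-commands-only`, which lets root in only with a public key whose authorized_keys entry carries a `command="..."` option. The sample configs, function names and messages are constructed for illustration, and it assumes an sshd that still honours the `Protocol` keyword, so a missing keyword is reported as unmet rather than guessed from a version default.

```python
import fnmatch

# Constructed samples: the thread's last suggestion, and a candidate config
# whose duplicate PermitRootLogin line shows that sshd keeps the first value.
THREAD_STYLE = "PermitRootLogin yes\nAllowUsers root\n"
CANDIDATE = """\
Protocol 2
PermitRootLogin forced-commands-only
PasswordAuthentication no
PermitRootLogin yes
"""

def effective(text):
    """Global settings as sshd resolves them: keywords are case-insensitive,
    the first value read wins, and AllowUsers lines accumulate."""
    conf, allow = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":      # conditional blocks are out of scope here
            break
        if key == "allowusers":
            allow += value.split()
        else:
            conf.setdefault(key, value)
    return conf, allow

def audit(text):
    """Return the requirements from the question that the config does NOT meet."""
    conf, allow = effective(text)
    failed = []
    if conf.get("protocol") != "2":
        failed.append("protocol 2 not set explicitly")
    if conf.get("permitrootlogin", "").lower() != "forced-commands-only":
        failed.append("root is not limited to forced commands")
    # AllowUsers entries are patterns, optionally USER@HOST; only USER is checked.
    if allow and not any(fnmatch.fnmatchcase("root", p.split("@")[0]) for p in allow):
        failed.append("AllowUsers excludes root, so batch copy fails")
    return failed

if __name__ == "__main__":
    for name, text in (("thread", THREAD_STYLE), ("candidate", CANDIDATE)):
        print(name, audit(text) or "meets all three requirements")
```
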