How to set up ssh-only user with minimal privileges?
Paul Smith
paul at mad-scientist.net
Fri Apr 3 15:00:41 UTC 2015
On Fri, 2015-04-03 at 16:42 +0200, Petter Adsen wrote:
> As it turns out, setting the shell to /bin/false or /usr/sbin/nologin
> does *not* work. It seems scp requires a regular ssh connection to
> transfer the files. Just thought I'd mention it in case anybody else
> needs to do this.
Sure, because scp basically logs in via SSH then invokes scp with
magical arguments that put it in "receive a file" mode. It needs to be
able to run that process and a shell of /bin/false just exits
immediately and doesn't run anything.

You can do this if you grovel into scp enough to figure out the flags (I
don't think they're in the man page).

A simpler (and more secure) solution is to install and use something
like scponly: https://github.com/scponly/scponly/wiki

Unfortunately it doesn't appear to be packaged for Ubuntu :(
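
An added example, not part of the original message and not scponly's code: a forced-command wrapper that accepts only the upload form of the remote command that legacy-protocol scp clients send (`scp [-v] [-r] [-p] [-d] -t path`) and refuses everything else, including downloads (`-f`). The install path, the `authorized_keys` line and `/srv/upload` are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper allowing scp uploads only.
# Assumed install (hypothetical path), one line in ~/.ssh/authorized_keys:
#   command="/usr/local/bin/scp-upload-only",no-pty,no-port-forwarding <key>
UPLOAD_DIR=${UPLOAD_DIR:-/srv/upload}   # hypothetical drop directory

# Print the allow-listed option words from a client command and return 0
# if it is an scp upload ("sink", -t); return 1 for anything else.
scp_upload_flags() {
    flags="" mode="" first=1
    set -f                          # no globbing while splitting client input
    for w in $1; do
        if [ "$first" = 1 ]; then
            first=0
            [ "$w" = scp ] && continue
            set +f; return 1        # some other program was requested
        fi
        case "$w" in
            -t) mode=upload; break ;;          # the rest is the client's path
            -v|-r|-p|-d) flags="$flags $w" ;;  # verbose, recursive, preserve, dir
            *) set +f; return 1 ;;             # -f (download) or unexpected word
        esac
    done
    set +f
    [ "$mode" = upload ] || return 1
    printf '%s\n' "${flags# }"
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run. An
# interactive login leaves it unset, so the script simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    flags=$(scp_upload_flags "$SSH_ORIGINAL_COMMAND") || {
        echo "only scp uploads are permitted" >&2
        exit 1
    }
    # The client's path is discarded; files always land in $UPLOAD_DIR.
    # $flags contains only allow-listed words, so splitting it is safe.
    exec scp $flags -t -- "$UPLOAD_DIR"
fi
```

The account still needs a working login shell, because sshd runs the forced command through it. Clients from OpenSSH 9.0 on use the SFTP protocol by default and reach this wrapper only with `scp -O`.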