How to set up ssh-only user with minimal privileges?
Petter Adsen
petter at synth.no
Fri Apr 3 16:06:26 UTC 2015
On Fri, 03 Apr 2015 11:00:41 -0400
Paul Smith <paul at mad-scientist.net> wrote:
> On Fri, 2015-04-03 at 16:42 +0200, Petter Adsen wrote:
> > As it turns out, setting the shell to /bin/false
> > or /usr/sbin/nologin does *not* work. It seems scp requires a
> > regular ssh connection to transfer the files. Just thought I'd
> > mention it in case anybody else needs to do this.
>
> Sure, because scp basically logs in via SSH then invokes scp with
> magical arguments that put it in "receive a file" mode. It needs to
> be able to run that process and a shell of /bin/false just exits
> immediately and doesn't run anything.

I suspected this, which was the reason I asked in the first place :)

> You can do this if you grovel into scp enough to figure out the flags
> (I don't think they're in the man page).
>
> A simpler (and more secure) solution is to install and use something
> like scponly: https://github.com/scponly/scponly/wiki
>
> Unfortunately it doesn't appear to be packaged for Ubuntu :(

This looks useful, thanks. That it isn't packaged doesn't matter as
long as the source is available. I'll have a look at it tomorrow.

Petter
--
"I'm ionized"
"Are you sure?"
"I'm positive."
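
The "invokes scp with magical arguments" behaviour discussed in this message can be used to restrict an account without giving it a real shell. The following is an added example, not part of the original post and not scponly's code: a small sshd forced-command filter that accepts only the remote half of an scp upload. The function name scp_command_allowed, the directory /srv/incoming and the idea of wiring it in through a command="..." entry in authorized_keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: scp_command_allowed,
# UPLOAD_DIR=/srv/incoming (constructed path), use as an sshd forced command.
LC_ALL=C; export LC_ALL
UPLOAD_DIR=/srv/incoming

# Succeeds only for the remote half of an upload: "scp [flags] -t <target>".
# -t is the undocumented "receive a file" mode; -f ("send a file") is refused.
scp_command_allowed() {
    cmd=$1
    case $cmd in
        ''|*[!A-Za-z0-9\ ._/-]*) return 1 ;;   # no quotes, ;, |, $, globs, tabs
    esac
    set -- $cmd        # plain whitespace split; safe given the charset above
    [ "$1" = scp ] || return 1
    shift
    sink=0
    while [ $# -gt 1 ]; do
        case $1 in
            -t) sink=1 ;;
            -v|-r|-p|-d) ;;                    # flags the scp client may add
            *) return 1 ;;
        esac
        shift
    done
    [ "$sink" -eq 1 ] || return 1
    case $1 in
        -*|*..*) return 1 ;;                   # option smuggling, path traversal
        "$UPLOAD_DIR"|"$UPLOAD_DIR"/*) return 0 ;;
    esac
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asked for a command.
# With no command (an interactive login) the script just ends: no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if scp_command_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "only scp uploads into $UPLOAD_DIR are permitted" >&2
    exit 1
fi
```

Clients from OpenSSH 9.0 onward use the SFTP protocol for scp by default and only send this "scp -t" command when run with -O, so a filter like this applies to the legacy scp protocol the thread describes.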