How to set up ssh-only user with minimal privileges?

Oliver Grawert ogra at ubuntu.com
Tue Apr 7 10:37:49 UTC 2015


hi,
On Thursday, 02.04.2015, at 16:22 +0200, Petter Adsen wrote:
> I have a short script running from cron on a server running 14.10, that
> creates a small backup of essential system files. What I want to do is
> set up this script to scp the tarball to another, remote system.
> 
> So, I need to create an account on the remote system and set up keys,
> but I want this account to only be able to deposit the archive
> somewhere, and not be able to get to a shell or do anything else.
> 
> Is it enough to set the shell for the user to something
> like /bin/false? Will that user still be able to deposit the file via
> scp? Is there anything else I can do to lock down that account?

I would go with a chroot jail and the "ChrootDirectory" option in
sshd_config ... an example setup is described at [1] ... you would just
have to make sure your tarball ends up inside the chroot and is readable
for the user to scp it ...

ciao
	oli

[1] http://allanfeid.com/content/creating-chroot-jail-ssh-access
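
A pre-flight check for the "ChrootDirectory" path suggested above, as an added example that is not part of the original message: sshd requires every component of that path to be a root-owned directory that is not writable by group or others. It assumes GNU stat (as on Ubuntu); the user name backup and the path /srv/backup-jail in the comments are constructed.

```shell
#!/bin/sh
# Added example: validate a directory tree before using it as ChrootDirectory.
# sshd_config(5): all components of the ChrootDirectory pathname must be
# root-owned directories that are not writable by any other user or group.
# Assumes GNU stat. Constructed config this check would guard:
#   Match User backup
#       ChrootDirectory /srv/backup-jail

# check_chroot_component DIR [OWNER_UID]
# Returns 0 if DIR is a directory owned by OWNER_UID (default 0, root) with
# no group/other write bit; otherwise prints the reason and returns 1.
check_chroot_component() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    owner=$(stat -L -c '%u' "$dir") || return 1
    mode=$(stat -L -c '%a' "$dir") || return 1
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $owner, expected $want_uid"
        return 1
    fi
    # %a is octal (e.g. 755 or 1777); 022 masks the group and other write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable"
        return 1
    fi
    return 0
}

# check_chroot_path ABSOLUTE_PATH [OWNER_UID]
# Walks from ABSOLUTE_PATH up to /, checking every component, and reports
# all failures rather than stopping at the first one.
check_chroot_path() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "FAIL $path: not an absolute path"; return 1 ;;
    esac
    while :; do
        check_chroot_component "$path" "${2:-0}" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}
```

Run `check_chroot_path /srv/backup-jail` on the receiving host before restarting sshd; the directory the account writes into has to be a subdirectory owned by that account, since the jail root itself must stay root-owned.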