[ubuntu-za] Securely upload files to server?

Neil Muller neil at dip.sun.ac.za
Sat May 17 09:33:30 BST 2008


On Sat, May 17, 2008 at 06:12:49AM +0200, Neil Manson wrote:
> Hi All
> 
> I run a server at work, and I would like to allow a colleague to upload 
> files to it, but as securely as possible. I'm not really keen to run an 
> FTP server on the box. I could give my colleague an account on the box 
> and allow him ssh access, but there is no need for an account on the box 
> other than the file uploads.

You can create a restricted account which allows scp/sftp access, but
doesn't allow the user to log in. Various ways of doing this exist.
A common approach is to use a restrictive shell like rssh or scponly [1],
but other options, such as using pam_chroot to restrict the
user's access to a carefully chosen subset of the directory tree [2],
or using sshd_config options like ForceCommand to restrict
the user [3], can also be used.


[1] both rssh and scponly have somewhat spotty security histories,
though, so you'll need to do some research and decide if the risks are
acceptable first.

[2] Also read up on chroot security and the ways of breaking out of
chroots.

[3] And there have been bugs that make this bypassable as well under
various circumstances.

-- 
Neil Muller  email: neil at dip.sun.ac.za 

Division Applied Mathematics, Department of Mathematical Sciences
University of Stellenbosch
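
As an added example (not part of the original post), this is one way to check that an account restricted through sshd_config, the ForceCommand route mentioned in the reply, is actually locked down to file transfer. The user names, the path, the use of `internal-sftp` and `ChrootDirectory`, and the list of required settings are assumptions made for the illustration.

```python
# Constructed sample config (not from the original post); user names are made up.
SAMPLE_CONFIG = """\
Match User uploader
    ForceCommand internal-sftp
    ChrootDirectory /srv/upload
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
Match User colleague
    ForceCommand internal-sftp
"""

# Expected settings in the user's Match block (None = any non-empty value).
REQUIRED = {"forcecommand": "internal-sftp", "chrootdirectory": None,
            "allowtcpforwarding": "no", "x11forwarding": "no", "permittty": "no"}

def match_settings(config_text, user):
    """Collect keywords from each 'Match User' block naming `user`.
    Simplified: exact names only, no other Match criteria, globals ignored."""
    settings, active = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split()
            active = (len(crit) == 2 and crit[0].lower() == "user"
                      and user in crit[1].split(","))
        elif active:
            settings.setdefault(keyword, value)  # sshd keeps the first value seen
    return settings

def audit(config_text, user):
    """Return a list of problems; an empty list means every check passed."""
    found = match_settings(config_text, user)
    problems = []
    for key, want in REQUIRED.items():
        got = found.get(key, "")
        if not got:
            problems.append(f"{key}: not set")
        elif want is not None and got.lower().split()[0] != want:
            problems.append(f"{key}: {got!r}, expected {want!r}")
    return problems
```

sshd also requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by any other user or group, which this text-only check does not verify.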
