Comments on Using scponly To Allow SCP/SFTP Logins And Disable SSH Logins On Debian Squeeze

Using scponly To Allow SCP/SFTP Logins And Disable SSH Logins On Debian Squeeze

scponly is an alternate shell that restricts users to SCP and SFTP logins, but disallows SSH logins. It is a wrapper to the OpenSSH suite of applications. With the help of scponly, you can allow your users to use clients such as WinSCP or FileZilla to upload/download files, but you refuse SSH logins (e.g. with PuTTY) so that your users cannot execute files/programs. This tutorial shows how to install and use scponly on Debian Squeeze.


Comments

By:

You write "that your users cannot execute files/programs". This is only true if one also ensures that uploaded files cannot be executed by other means. A setup as you suggest it here is likely to also offer e.g. access through a web server and PHP. At least default configurations generally allow PHP to run programs. Moreover, PHP is generally not confined to chrooted environments.

Though the whole point of scponly and similar tools is rarely to avoid execution of programs, because what it does is no more or less than plain FTP or other upload mechanisms; only the authentication and transport are encrypted.

By: Brent

Hiya

Thanks for this. But it does not work (or at least in my testing). And the reason why I say so is:

I used setup_chroot.sh to create my janedoe user.

/etc/passwd shows:

 janedoe:x:1003:1003::/home/janedoe:/usr/sbin/scponlyc

If I use WinSCP and I *don't* specify SCP (i.e. SFTP), I can still traverse the filesystem.

HTH

Brent

By: jack

Hi, I have configured it, but on client login I get the error:

root@ubuntu:/tmp# sftp [email protected]

[email protected]'s password: 

Connection closed

root@ubuntu:/tmp# scp a.txt [email protected]:www/

[email protected]'s password: 

unknown user 513

lost connection

By: John

Hello,

I had a question about the user IDs created for scponly. Can scripts (cron jobs) work for a user configured to use scponly? Thanks for the helpful article.