Re: Restricting SCP2/SFTP access to Unix

From: Wu Fei Liang (wu_fei_liang_at_cms.ac)
Date: 11/07/03

    To: <fahroe@fahroe.com>, <secureshell@securityfocus.com>
    Date: Fri, 7 Nov 2003 19:41:32 +0100
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Friday 07 November 2003 04:01, Fahroe Ibrahim wrote:
    > Hi there,
    >
    > I would like to know if it is possible to restrict user from doing
    > SCP2/SFTP to a server, but still allowing him to do SSH to the same server.
    > If it is, where can I configure it?

    Hi!

    I don't know whether it is possible to configure that through the config files
    of ssh, but I think I could have another solution for you. You could do
    something like this:

    1) Change the access permissions of scp and sftp:
            
            root #chmod o-x /usr/bin/sftp /usr/bin/scp

       This would prevent regular users from executing these two commands.

    2) In case you would like to allow specific users to use scp, you could just
    add a new group and put the privileged users into that group, e.g. susers.

            root #groupadd susers
            root #chown root:susers /usr/bin/sftp /usr/bin/scp
            root #chmod o-x /usr/bin/sftp /usr/bin/scp

    hth
    - --

    - --------------------------------------------------------------
    WU Fei Liang Computer & Media Security
                                    University of Applied Sciences
                                           4232 Hagenberg, Austria

    [ Mail ] wu_fei_liang@cms.ac

    [ Public-Key ]
    http://pgp.mit.edu:11371/pks/lookup?search=0xC5633638&op=index
    - --------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQE/q+dcuoi2rcVjNjgRAtQWAJ4ijlb6UFHXyRacl0C6Ka6+UeWNbACfQ2bw
    i8VsGykkK0yyYlVn82VsHSE=
    =LXGP
    -----END PGP SIGNATURE-----
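
One way to check the result of the steps above, as an added example that is not part of the original message: the script reads each file's mode and group from `ls -ld` and reports whether "other" has lost execute while the named group keeps it. The function names and the command-line usage are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the permission scheme described in the message.
# Usage (assumed): sh audit_scp_perms.sh susers /usr/bin/sftp /usr/bin/scp

# audit_binary FILE GROUP
# Returns 0 when FILE belongs to GROUP, is executable by that group,
# and is not executable by "other". Returns 1 on a finding, 2 if missing.
audit_binary() {
    file=$1; want_group=$2
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 2
    fi
    # ls -ld fields: mode, links, owner, group, ...
    listing=$(ls -ld "$file")
    mode=$(printf '%s\n' "$listing" | awk '{print $1}')
    group=$(printf '%s\n' "$listing" | awk '{print $4}')
    grp_x=$(printf '%s' "$mode" | cut -c7)    # group execute position
    oth_x=$(printf '%s' "$mode" | cut -c10)   # other execute position
    rc=0
    case $oth_x in
        x|t) echo "FAIL $file: still executable by other ($mode)"; rc=1 ;;
    esac
    case $grp_x in
        x|s) ;;
        *) echo "FAIL $file: group cannot execute ($mode)"; rc=1 ;;
    esac
    if [ "$group" != "$want_group" ]; then
        echo "FAIL $file: group is $group, expected $want_group"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $file ($mode, group $group)"
    fi
    return "$rc"
}

# audit_all GROUP FILE...  -> nonzero if any file fails the audit
audit_all() {
    all_group=$1; shift
    status=0
    for f in "$@"; do
        audit_binary "$f" "$all_group" || status=1
    done
    return "$status"
}

if [ "$#" -ge 2 ]; then
    audit_all "$@"
fi
```
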

