Re: Restricting SCP2/SFTP access to Unix

From: Wu Fei Liang (
Date: 11/07/03

  • Next message: krzee: "Re: SSH permission question"
    To: <>, <>
    Date: Fri, 7 Nov 2003 19:41:32 +0100

    Hash: SHA1

    On Friday 07 November 2003 04:01, Fahroe Ibrahim wrote:
    > Hi there,
    > I would like to know if it is possible to restrict user from doing
    > SCP2/SFTP to a server, but still allowing him to do SSH to the same server.
    > If it is, where can I configure it?


    I don't know whether it is possible to configure that through the config-files
    of ssh but i think i could have another solution for you. You could do
    something like this:

    1) Change the access permissions of scp and sftp:
            root #chmod o-x /usr/bin/sftp /usr/bin/scp

       This would prevent regular users from executing these two commands

    2) In case you would like to allow specific users to use scp, you could just
    add a new group and put the privileged users into that group, e.g. susers.

            root #groupadd susers
            root #chown root:susers /usr/bin/sftp /usr/bin/scp
            root #chmod o-x /usr/bin/sftp /usr/bin/scp

    - --

    - --------------------------------------------------------------
    WU Fei Liang Computer & Media Security
                                    University of Applied Sciences
                                           4232 Hagenberg, Austria

    [ Mail ]

    [ Public-Key ]
    - --------------------------------------------------------------
    Version: GnuPG v1.2.3 (GNU/Linux)

    -----END PGP SIGNATURE-----

  • Next message: krzee: "Re: SSH permission question"

    Relevant Pages

    • Re: smbfs 2 GB file size limit
      ... Did you really mean to say scp or cp? ... install / update your ports collection using portsnap ... related to ssh. ... I was having after updating a server to 7.0 that normally accrues ...
    • openssh to openssh scp ssh1 compatibility mode error
      ... i am aware of the ssh1 compatibility mode error problem when using scp ... to transfer files from an openssh client to a commercial ssh server. ...
    • Re: SSH Protocol 2 between 9.x and 10.0 fails
      ... I'm making my first FreeBSD 10.0 server, and have been trying to use ... scp to copy files onto it from a machine running 9.1. ... log into either machine from the other with SSH Protocol 2. ... multi-file transfers via scp still stall. ...
    • Re: net:scp Host key verification failed
      ... This created a key on one server. ... post questions to a more appropriate ssh, scp, or OS related ... scp file ...
    • Re: Howto deny a sftp connection
      ... For me I want to archieve, that users can connect to the server by ssh ... the sftp subsystem is easily to stop by editing the sshd_config. ... how can I stop the scp funktion of ssh? ...