Re: Restricting SCP2/SFTP access to Unix

From: Darren Tucker (dtucker_at_zip.com.au)
Date: 11/08/03

  • Next message: Stephen Liu: "Re: SSH permission question"
    Date: Sat, 08 Nov 2003 10:34:26 +1100
    To: fahroe@fahroe.com
    
    

    Fahroe Ibrahim wrote:
    > I would like to know if it is possible to restrict user from doing SCP2/SFTP
    > to a server, but still allowing him to do SSH to the same server.
    > If it is, where can I configure it?

    You could fiddle with the permissions of the scp and sftp server binaries
    but it wouldn't stop people a) installing their own copies or b)
    transferring files with ssh directly, eg "ssh somehost cat
    /some/remote/file >localfile".

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
        Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
    

  • Next message: Stephen Liu: "Re: SSH permission question"

    Relevant Pages

    • Re: Trouble with X11 over SSH on Mandriva 2010.0
      ... If next clean install/update causes ssh to break, ... installed the sshd daemon/service package (OpenSSH Server) on the server. ... correct values for client and server. ...
      (comp.os.linux.networking)
    • Re: Apache Software Foundation Server compromised, resecured. (fwd)
      ... this was one "result" of the comromised ssh binary at sourceforge. ... a public server of the Apache Software Foundation ... > (ASF) was illegally accessed by unknown crackers. ... > exhaustive audit of all Apache source code and binary distributions ...
      (FreeBSD-Security)
    • Re: FreeBSD Crash without Errors, Warnings, or Panics
      ... I suppose I could run on stable until the driver is fixed in a release branch, but I need this box up and online, and I've always read that the stable branch is not the place for production servers. ... I'm running 6.0-RELEASE-p5 on a Toshiba built server: dual Xeon Intel motherboard with a LSILogic MegaRAID controller. ... Also, some network ports still respond, like a telnet to port 22 to test SSH will yield an SSH banner, but trying to connect with SSH just hangs. ... The box runs a web-based app and connects to a local Postgres DB which seemed to be unable to start new connections being requested by the PHP scripts. ...
      (freebsd-hackers)
    • Re: restrict ssh access
      ... > We have one ssh server which receives about 6000 failed attempts to ... > unsuccessful login attempts per client IP address? ... the remote server is also running OpenSSH. ...
      (comp.security.ssh)
    • Re: SSH as root
      ... Subject: SSH as root ... but it doesn't require having a key on the server that could be ... If they compromise a server, and the passphrase, etc. is there, they only ... private key to anyone. ...
      (SSH)