Re: Disable ssh login + enable scp for specific users.

• Previous message: Asif Iqbal: "ssh .vs. rsh"
• In reply to: Dominik Schleich: "Re: Disable ssh login + enable scp for specific users."
• Next in thread: Dominik Schleich: "Re: Disable ssh login + enable scp for specific users."
• Reply: Dominik Schleich: "Re: Disable ssh login + enable scp for specific users."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Dominik Schleich <dsc@tpso.com>
Date: Thu, 22 Jan 2004 10:06:31 -0300

On Wed, 2004-01-21 at 08:41, Dominik Schleich wrote:
> Loris Serena wrote:
>
> > Hello list,
> >
> > Here is what I need to achieve on a per-user basis:
> >
> > 1. disallow user-xyz to login via ssh to a specific box;
> > 2. let user-xyz be able to scp to said box;
> > 3. let anybody else ssh to said box and then su - user-xyz.
> >
> > Is there any way of doing this?
> >
> > Thanks in advance
> >
> > Loris
> >
> Hi Loris
> principally it should be enough to set the loginshell of user-xyz to an
> invalid path (e.g. /bin/none or so) in your /etc/passwd
>
> Its not tested, just what i think, but i hope it helps anyway

this won't work because when the other user su to user-xyz, the invalid
shell will be executed and after that, the user will be "logged off".

For example:

debian:~# grep snort /etc/passwd
snort:x:105:1003:Snort IDS:/var/log/snort:/bin/false
debian:~# su snort
debian:~#

and it's not possible to execute another shell

• application/pgp-signature attachment: This is a digitally signed message part

• Previous message: Asif Iqbal: "ssh .vs. rsh"
• In reply to: Dominik Schleich: "Re: Disable ssh login + enable scp for specific users."
• Next in thread: Dominik Schleich: "Re: Disable ssh login + enable scp for specific users."
• Reply: Dominik Schleich: "Re: Disable ssh login + enable scp for specific users."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]