Re: Disable SFTP/SCP but not SSH?
From: Darren Tucker (dtucker_at_zip.com.au)
Date: 07/08/04
- Previous message: Burak Bilen: "Re: 64_bit SSH"
- In reply to: Real Cucumber: "Disable SFTP/SCP but not SSH?"
- Next in thread: David Redmond: "Re: Disable SFTP/SCP but not SSH?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 08 Jul 2004 20:06:06 +1000 To: Real Cucumber <monkcucumber@yahoo.com>
Real Cucumber wrote:
> Using Fedora Core 2 and OpenSSH 3.6.1p2, I'm wondering
> if it is possible to allow users to connect via SSH,
> but prevent them from connecting through SFTP and/or
> SCP?
Kind of (make a "scp" group, chgrp "scp" and "sftp-server" and chmod
them 0550) but at best this a mild inconvenience and will do *zero* to
actually stop people from transferring files.
They can use shell redirection (some variant of "ssh yourhost 'cat
>destfile' <sourcefile"), creative uses of tar/uuencode, or any number
of other things. They can also install their own copies of scp and/or
sftp-server if they have write access to some filesystem that's not
mounted noexec.
You might be able to do it if your users have a restricted shell too
(but those can be tricky to get right).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- Previous message: Burak Bilen: "Re: 64_bit SSH"
- In reply to: Real Cucumber: "Disable SFTP/SCP but not SSH?"
- Next in thread: David Redmond: "Re: Disable SFTP/SCP but not SSH?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
