openssh public Key Athentication - with restrickted login shell

From: Jannis Kafkoulas <jasecml@xxxxxxxxx>
Date: Thu, 5 Nov 2009 15:26:39 +0000 (GMT)

Hi,

I'd like too use scp to transfer data to a Linux box out of a perl script using public key authentication(with no passphrase:-( ).
As long as the used userid has a regular account on that server everything works fine.
But for higher security I'd like the user not to be able to login, so I gave him a "nologin shell" in the /etc/paswd. In this case its also inposible
to authenticate as before.
So I thought it should be a working but restricted "login shell", which is sufficient enough for that user complete the authentication and to do its scp file transfer, nothing else.
Any idea?

Thanks in advance

Jannis

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Follow-Ups:
- Re: openssh public Key Athentication - with restrickted login shell
  - From: Phillip Macey
- RE: openssh public Key Athentication - with restrickted login shell
  - From: Chris Firth
- Re: openssh public Key Athentication - with restrickted login shell
  - From: Robin Wood

Prev by Date: Re: Testing for SQL injection or Cross Site scripting
Next by Date: Re: Security Toolkit for dummies
Previous by thread: Re: Software to create IP Packets
Next by thread: Re: openssh public Key Athentication - with restrickted login shell
Index(es):
- Date
- Thread

Relevant Pages

Re: NFS or SCP ??
... > Is this something you would normally do using NFS? ... There are numerous ways to transfer data, ... SSH (SFTP, SCP) ...
(comp.os.linux.security)
defeated by optmisation!
... I do have user level access and logins ... In order to transfer data, ... A little probing revealed that scp had ... (e.g. user on a remote dialup initiating ...
(comp.security.ssh)
Re: openssh public Key Athentication - with restrickted login shell
... If you can use sftp rather than scp you can set the shell to ... I'd like too use scp to transfer data to a Linux box out of a perl script using public key authentication. ... So I thought it should be a working but restricted "login shell", which is sufficient enough for that user complete the authentication and to do its scp file transfer, nothing else. ... Securing Apache Web Server with thawte Digital Certificate ...
(Security-Basics)
Re: openssh public Key Athentication - with restrickted login shell
... I'd like too use scp to transfer data to a Linux box out of a perl script using public key authentication. ... So I thought it should be a working but restricted "login shell", which is sufficient enough for that user complete the authentication and to do its scp file transfer, nothing else. ... You can find out exactly what command you need to use in authorized_keys by running 'scp -v' on the client side. ...
(Security-Basics)
Re: scp between remote hosts.
... slea> to authenticate via password. ... but it's not inherent in scp being executed remotely; ... only because there's no pty and scp uses ssh -n in running the remote ...
(comp.security.ssh)