scp only key authentication?

From: Doug O'Leary (dkoleary_at_olearycomputers.com)
Date: 04/13/04


Date: Tue, 13 Apr 2004 20:53:09 GMT

Hey, all;

I'm working with a client that's running openssh 3.7.1. They have a need
for one designated account to use public/private key authentication to
scp a file from a server to a client.

The client's philosophy is that public/private key authentication is a
trust relationship - similar in scope to a trust relationship using
UNIX r-commands. That's obviously not quite true; however, the client
is very happy and, so far, very successful operating under that
philosophy so changing it isn't an option.

They would like to limit the public/private key authenticated access
to scp (and only scp) one particular file. In other words, the
account in question won't be able to get a terminal session, shell
prompt using ssh - and it would only be able to scp the one file
down from the server, not put anything, not get anything else.

I haven't heard of anyone even attempting this level of restriction
using public/private key authentication. My first thought was to
use the command option in the authorize_keys2 file; however, haven't
gotten much further than the pondering stage.

Does anyone know of a cleaner/brighter way of implementing this type
of restriction to scp and P/P key authentication?

Thanks for any hints/tips/suggestions.

Doug O'Leary

-- 
--------
Senior UNIX Admin
O'Leary Computer Enterprises
dkoleary@olearycomputers.com (w) 630-904-6098 (c) 630-248-2749
resume:  http://www.olearycomputers.com/resume.html
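
One way to build the restriction asked about above with the command option the post mentions, as an added example that is not part of the original post. The file path, the script's install path and the --serve flag are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a single authorized_keys entry.
# ALLOWED_FILE and the install path below are hypothetical placeholders.
#
# authorized_keys line (one line; key material elided):
#   command="/usr/local/sbin/scp-one-file --serve",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... transfer-key
ALLOWED_FILE="/srv/export/report.dat"

# sshd places whatever the client asked to run in SSH_ORIGINAL_COMMAND.
# A download "scp user@host:$ALLOWED_FILE ." arrives as "scp -f <path>"
# (-f is scp's server-side "send this file" mode; -t would be an upload).
# Exact string comparison: no globbing, no word splitting, no eval.
request_allowed() {
    [ "$1" = "scp -f $ALLOWED_FILE" ]
}

# Decide and act. The client's string is only compared, never executed;
# the command that runs is built from our own constant.
serve() {
    if request_allowed "${SSH_ORIGINAL_COMMAND-}"; then
        exec scp -f "$ALLOWED_FILE"
    fi
    logger -p auth.warning -t scp-one-file \
        "denied: ${SSH_ORIGINAL_COMMAND-<interactive login>}" 2>/dev/null
    echo "This key may only download $ALLOWED_FILE with scp." >&2
    return 1
}

# Only act when invoked as the forced command. Any other invocation is a
# no-op, which still denies because sshd runs nothing but this script.
if [ "${1-}" = "--serve" ]; then
    serve
    exit $?
fi
```

The exact match also rejects option variants such as "scp -p -f", so the client must request the file without extra flags. Clients from OpenSSH 9.0 onward default to the SFTP protocol and need "scp -O" to send this legacy request.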

