scp only key authentication?
From: Doug O'Leary (dkoleary_at_olearycomputers.com)
Date: Tue, 13 Apr 2004 20:53:09 GMT
I'm working with a client that's running openssh 3.7.1. They have a need
for one designated account to use public/private key authentication to
scp a file from a server to a client.
The client's philosophy is that public/private key authentication is a
trust relationship - similar in scope to a trust relationship using
UNIX r-commands. That's obviously not quite true; however, the client
is very happy and, so far, very successful operating under that
philosophy so changing it isn't an option.
They would like to limit the public/private key authenticated access
to scp (and only scp) one particular file. In other words, the
account in question won't be able to get a terminal session, shell
prompt using ssh - and it would only be able to scp the one file
down from the server, not put anything, not get anything else.
I haven't heard of anyone even attempting this level of restriction
using public/private key authentication. My first thought was to
use the command option in the authorized_keys2 file; however, haven't
gotten much further than the pondering stage.
Does anyone know of a cleaner/brighter way of implementing this type
of restriction to scp and P/P key authentication?
Thanks for any hints/tips/suggestions.
--
Senior UNIX Admin
O'Leary Computer Enterprises
email@example.com
(w) 630-904-6098
(c) 630-248-2749
resume: http://www.olearycomputers.com/resume.html
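
The `command` option mentioned in the post can carry this restriction by pointing the key at a wrapper script that permits exactly one scp download. The sketch below is an added example, not part of the original post; the script path, the file path, the scp location and the key comment are hypothetical, and it assumes the client speaks the legacy scp protocol (recent OpenSSH clients default to SFTP unless run with `scp -O`).

```shell
#!/bin/sh
# Added example: forced-command wrapper for a single-purpose scp key.
# Install it through the key's options in authorized_keys, on one line
# (script path and key material below are placeholders):
#
#   command="/usr/local/bin/scp-one-file.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> transfer-key
#
# sshd runs this script in place of whatever the client asked for and
# puts the client's request in SSH_ORIGINAL_COMMAND.

ALLOWED_FILE="/srv/export/report.dat"   # hypothetical path of the one file

# Return 0 only when the request is exactly a download of ALLOWED_FILE.
# "scp -f <path>" is what the scp client asks the server to run when
# fetching; "scp -t" is an upload. Anything else, including extra flags,
# extra paths or shell metacharacters, fails the exact string match.
scp_request_allowed() {
    [ "$1" = "scp -f $ALLOWED_FILE" ]
}

forced_command_main() {
    # An unset variable means the client asked for an interactive login.
    if scp_request_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        # Run fixed arguments; never eval the client's string.
        exec /usr/bin/scp -f "$ALLOWED_FILE"    # scp location assumed
    fi
    echo "This key may only fetch $ALLOWED_FILE with scp." >&2
    exit 1
}

# sshd sets SSH_CONNECTION for every session; outside sshd (for example
# when the functions are sourced for testing) nothing is executed.
if [ -n "${SSH_CONNECTION:-}" ]; then
    forced_command_main
fi
```

The forced command applies only to logins made with that key, so the account's other authentication methods and keys need to be disabled separately if the account is to be limited to this one transfer.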