Re: scponly, allowing sftp and denying ssh access
- From: Chuck <skilover_nospam@xxxxxxxxxxxxxx>
- Date: Wed, 25 Jan 2006 19:40:18 GMT
lb.centaur@xxxxxxxxx wrote:
> We want to restrict a bunch of users to ftp/sftp access only and deny
> shell access on a Solaris 10 system.
>
> The old trick used for restricting traditional FTP access only was to
> assign users the shell /bin/false. That won't work for ssh and sftp.
>
> I've read a few posts about using "scponly" as a default user shell
> which prohibits user shell access but allows sftp and ftp access. A
> December 2005 security advisory mentioned that scponly had a security
> problem passing shell arguments thereby allowing a root compromise. The
> alert suggested upgrading to version 4.3 (?).
>
> Does anyone have experience with scponly or have other recommendations
> for restricting shell access on Solaris 10? We don't want to create
> individual RBAC user profiles but would consider assigning all these
> users a common shell in /etc/passwd.
>
> Thanks.
>
> matthew black
> california state university
>
Put this in the /etc/profile script...
# Disable psoft user direct log in
# "who am i" prints the login name on the current terminal; keep the first field
WHO=`who am i | awk ' { print $1 } '`
if [ "${WHO}" = "userid" ]; then
    exit
fi
--
To reply by email remove "_nospam"