Creating account with SCP ONLY

Eric W. Bates ericx at vineyard.net
Thu Aug 21 09:57:40 PDT 2003


Fixed.

The port doesn't work unless you set at least one of the Makefile options.

----- Original Message ----- 
From: "Eric W. Bates" <ericx at vineyard.net>
To: "Andrew Thompson" <andy at fud.org.nz>; "Ralph Forsythe" <rf-list at centerone.com>
Cc: <freebsd-isp at freebsd.org>
Sent: Thursday, August 21, 2003 10:46 AM
Subject: Re: Creating account with SCP ONLY


> 
> ----- Original Message ----- 
> From: "Andrew Thompson" <andy at fud.org.nz>
> To: "Ralph Forsythe" <rf-list at centerone.com>
> Cc: <freebsd-isp at freebsd.org>
> Sent: Thursday, August 21, 2003 1:30 AM
> Subject: Re: Creating account with SCP ONLY
> 
> 
> > On Thu, 2003-08-21 at 17:25, Ralph Forsythe wrote:
> > > Since we're talking about limiting ssh access right now...  I need to 
> > > create user accounts that cannot use the shell, but can still move files 
> > > around via scp/sftp.  We have FTP disabled, and as we start to bring users 
> > > online I do not want them having shell capabilities for security reasons.
> > > 
> > 
> > /usr/ports/shells/scponly
> 
> I was interested to learn of this port and we tried it this morning; but we can't make it work.
> 
> Setting debug level 2 in /usr/local/etc/scponly/debuglevel we get denied:
> 
>  ** ericx at king1 ** ~ ** Thu Aug 21 10:40:55
> $ scp bdrtest at k2:/usr/local/customers/customers.king2/bdrtest/personal/foo.txt .
> bdrtest at king2.vineyard.net's password: 
> [48256]: 3 arguments in total.
> [48256]:        arg 0 is scponly
> [48256]:        arg 1 is -c
> [48256]:        arg 2 is scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt
> [48256]: opened log at LOG_AUTHPRIV, opts 0x00000029
> [48256]: retrieved home directory of "/usr/local/customers/customers.king2/./bdrtest" for user "bdrtest"
> [48256]: setting uid to 3575
> [48256]: processing request: "scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt"
> 
> [48256]: denied request: scp -f /usr/local/customers/customers.king2/bdrtest/personal/foo.txt [username: bdrtest(3575), IP/port: 204.17.195.90 1483 22]
> 
> Apparently this question has been asked on the scponly mailing list; but never answered.
> 
> > _______________________________________________
> > freebsd-isp at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> > To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
> >

