login permission over scp

Eilko Bos tafkam at brasapen.org
Thu Feb 17 09:54:01 GMT 2005


>From the keyboard of ???????????? ??????, written on Thu, Feb 17, 2005 at 11:42:11AM +0300:
> i need only secure copy, but must give full user shell to user user1 at A
> on host B. if attaker take control of A, he can shell to user at b
> setting /sbin/nologin to shell user at B- scp not work
> what can i do to reduce permission user at b

You can use rssh from the ports:
$ cat /usr/ports/shells/rssh/pkg-descr 
rssh is a Restricted Secure SHell that allow only the use of sftp or scp.
It could be use when you need an account (and a valid shell) in order to
execute sftp or scp but when you don't want to give the possibility to log
in to this user.

WWW: http://www.pizzashack.org/rssh/index.shtml

- enigmatyc
enigmatyc at laposte.net


More information about the freebsd-questions mailing list