LinuxQuestions.org
Old 07-01-2011, 02:00 PM   #1
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,186

Rep: Reputation: 95
Need user account which can connect by ssh but not login locally nor run shell


I wish to create a user account on my server which will be used ONLY to transfer files to/from the server over ssh. I do not want the account to be able to log in at the console of the server, nor to be able to invoke a shell once it is connected to the server over ssh.

I think I recall being able to do this on HPUX (well actually I requested the account to be set up and the Unix admin created it and turned it over to me). I have no idea how this was done. Can anyone point me in the right direction? I am running Ubuntu 10.04 on the server if that matters.

TIA,

Ken
 
Old 07-01-2011, 02:23 PM   #2
pingu
Senior Member
 
Registered: Jul 2004
Location: Skuttunge SWEDEN
Distribution: Debian preferably
Posts: 1,255

Rep: Reputation: 118
AFAIK that cannot be done with pure ssh - ssh is "secure shell", you log in to a shell on a remote computer with it.
What you are after is probably sftp, to the user it behaves just like ftp but transfer is with ssh - at least this is how I understand the docs, never used it just read about it so please don't shoot me if I'm wrong! ;-)
 
Old 07-01-2011, 02:41 PM   #3
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,186

Original Poster
Rep: Reputation: 95
Thanks pingu, my bad. I am connecting with gnome-commander which has the choice "ssh" but which actually connects with "sftp". No shell is involved in the connection. On the other hand gnome-commander stores the password used for the connection in plain text and the "use gnome keyring" in gnome-commander does not work so my workaround for the moment is to use a do-very-little account to make the connection.

I really need to rethink the whole approach to connecting from my PC to the server for the purpose of moving files. I could use nfs but it is not very secure (although I am on a private LAN and the risks are minimal). I can connect using nautilus but although the mount shows up on the desktop (Ubuntu 10.04) it is not available to gnome-commander which is my preferred file mover. I could use Samba but that is such a Windoze thing.

Ken
 
Old 07-02-2011, 12:45 AM   #4
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
There are two ways that you can do this (as far as I know).

You can set up a ftp server with virtual users; that's the way I'm not familiar with. And you can set up a ftp server with normal users and don't allow login using a shell by setting the shell to /bin/false (or something like that; check your system). If the latter option still allows ssh access (I don't think it will but I'm not sure), you can block users in the sshd configuration.

Configure the ftp server to use ftps for secure transfers.
 
1 members found this post helpful.
Old 07-02-2011, 08:44 AM   #5
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,186

Original Poster
Rep: Reputation: 95
Thanks Wim Sturkenboom,

I set the shell to /bin/false and my dummy account cannot connect over ssh as expected. It also cannot connect by ssh or sftp or whatever gnome commander uses for its connection. So I guess I am on to plan B or C or perhaps I will explore Secure NFS which I think is related to Kerberos which I also need to explore.

Ken
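
Editor's added example, not part of any post in this thread: with the stock `Subsystem sftp` setting, sshd starts the SFTP server through the account's login shell, which is why a shell of /bin/false also stopped sftp here. The sketch below sets that default beside an sshd_config block that forces OpenSSH's in-process `internal-sftp` for one account, and checks a config file for it; the account name `xfer`, the `/srv/sftp` path and both config fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Account "xfer" and /srv/sftp are hypothetical.

# Stock-style config: sftp is an external program started through the
# account's login shell, so a shell of /bin/false breaks sftp as well.
default_config() {
cat <<'EOF'
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
}

# Restricted config: sshd serves SFTP in-process for this one account and ignores
# the command the client asks for. The chroot directory must be root-owned and not group/world-writable.
hardened_config() {
cat <<'EOF'
Subsystem sftp internal-sftp
Match User xfer
    ForceCommand internal-sftp
    ChrootDirectory /srv/sftp/%u
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Return 0 only if <config> has a "Match User" block naming <user> that forces
# internal-sftp and disables TCP forwarding. Simplified: exact names only
# (no wildcards), User as the first Match criterion, no Include files.
sftp_only_check() {   # usage: sftp_only_check <config-file> <user>
    awk -v user="$2" '
        { sub(/#.*/, "") }                      # strip comments
        tolower($1) == "match" {                # every Match line opens a new block
            inblock = 0
            if (tolower($2) == "user") {
                n = split($3, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == user) inblock = 1
            }
            next
        }
        inblock && tolower($1) == "forcecommand"       { force = ($2 == "internal-sftp") }
        inblock && tolower($1) == "allowtcpforwarding" { nofwd = (tolower($2) == "no") }
        END {
            if (!force) print "missing: ForceCommand internal-sftp"
            if (!nofwd) print "missing: AllowTcpForwarding no"
            exit !(force && nofwd)
        }' "$1"
}
tmp=$(mktemp)
hardened_config > "$tmp"; sftp_only_check "$tmp" xfer && echo "hardened: xfer is sftp-only"
default_config  > "$tmp"; sftp_only_check "$tmp" xfer || echo "default: xfer is not restricted"
rm -f "$tmp"
```

After editing the real /etc/ssh/sshd_config, `sshd -t` checks the file's syntax before the daemon is restarted.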
 
Old 07-02-2011, 09:11 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Rep: Reputation: 2742
See if rssh or scponly work for you?
 
Old 07-02-2011, 09:29 AM   #7
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
@taylorkh: Is this question about CentOS 5 on the server side? (I saw an Ubuntu reference, but you appeared to be talking about your desktop.) If CentOS 5, this is an easy enough problem to solve. Read the full instructions here:
http://www.linuxquestions.org/questi...on-rhel5-3495/
 
Old 07-02-2011, 10:19 AM   #8
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
Quote:
Originally Posted by taylorkh
Thanks Wim Sturkenboom,

I set the shell to /bin/false and my dummy account cannot connect over ssh as expected. It also cannot connect by ssh or sftp or whatever gnome commander uses for its connection. So I guess I am on to plan B or C or perhaps I will explore Secure NFS which I think is related to Kerberos which I also need to explore.

Ken

With the solution that I mention, I was talking about a ftp server and ftps (not sftp). But other solutions might be better.
 
Old 07-02-2011, 12:05 PM   #9
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,186

Original Poster
Rep: Reputation: 95
Thanks anomie. At the moment I am on Ubuntu 10.04 on all machines. I may go to CentOS when I finally get tired of Ubuntu making things easy.

Ken
 
Old 07-02-2011, 12:37 PM   #10
flamelord
Member
 
Registered: Jun 2011
Distribution: Arch Linux
Posts: 148

Rep: Reputation: 34
If your concern is having a password in plain text, I would recommend using a key instead (which is more secure anyway). See https://help.ubuntu.com/community/SSH/OpenSSH/Keys. Then you should be able to use sftp without having to use or store a password.
 
Old 07-02-2011, 01:28 PM   #11
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,186

Original Poster
Rep: Reputation: 95
Thanks as always unSpawn for answering the question! The products you mention look like they should do what I asked for. However, I am afraid my question was avoiding the root cause (pardon the pun) of my issue. The issue is that gnome-commander, my favorite file manager interface, saves passwords for remote connections in plain text in ~/gnome-commander/connections. If I try the "use gnome keyring" option in gnome-commander it does not do so and crashes about 9 out of 10 times. I have set up a dummy account with few privileges which I can use to connect to another machine. But that presents me with file permission issues. If I, ken, download a file on my low power consumption netbook and want to move it to my desktop PC I can connect as the dummy account and copy the file. However, the dummy account does not have write permissions to the file. The permissions created by ken are "-rw-r--r-- 1 ken ken". So unless I change my umask to 002 I cannot share write permission to the files in question. I believe I need to sit back and think this through a little more.

Thanks flamelord. That might be what I need. However, I am not sure how gnome-commander will interface with it. See the above paragraph. gnome-commander is the underlying cause of the issue. I have tried several other similar tools but despite its warts, gnome-commander is closest to what I want (although I just installed Krusader and it may have possibilities).

I think what I really need to do is to establish secure connections from the PC to the other machines (sort of like making an NFS mount) and then just access the mounted locations in gnome-commander and not worry about gnome-commander doing the connection. If your suggestion can do something like that it may solve the problem. I also have some information about using NFS over an ssh tunnel but I have not tried configuring such a thing yet.

Thanks all,

Ken
 
Old 07-05-2011, 07:49 AM   #12
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,186

Original Poster
Rep: Reputation: 95
I have resolved the root (pardon the pun) cause of this fiasco. I have gotten gnome-commander to work with the Gnome Keyring and I can connect with my normal account and privileges. I do not need the dummy account. I am dummy enough.

Ken
 
  


All times are GMT -5. The time now is 11:29 AM.
