SSH and SCP user logins

sopiaz57 · 01-20-2004, 10:37 AM

Hi guys, i was wondering how i can give a user SCP access (or sftp ) via WIN SCP but not allow them to login and use a shell via putty.

possibly edit their entry in .etc/passwd to /nologin? i donno.

thanks for the help

stickman · 01-20-2004, 10:55 AM

Look at scponly and rssh. I don't know if rssh supports WinSCP though.

sopiaz57 · 01-20-2004, 12:12 PM

interesting program, thanks for the link.

Do you currently use this on your machines for your users?

i wonder how long until openssh implements this feature?

stickman · 01-20-2004, 12:47 PM

Yes, I've implemented both of the at client sites, and they work pretty well. I haven't heard any complaints.

twantrd · 01-22-2004, 05:35 PM

Or without using a program of any kind, you can just edit the sshd_config to only allow certain users to be able to login.

-twantrd

sopiaz57 · 01-22-2004, 08:25 PM

awesome, how might i do that??

thats a lot!!! this is a great solution

stickman · 01-22-2004, 09:35 PM

Yes, he's correct that you can use the AllowUsers, AllowGroups, DenyUsers, and DenyGroups in the sshd_config to define access lists; however, there is no directive to define them as sftp/scp only.

witeshark · 01-24-2004, 12:55 AM

sopiaz57 no answer here? use Google!

twantrd · 01-25-2004, 04:58 AM

Witeshark,

I have already sopiaz57's question.

Quote:

i was wondering how i can give a user SCP access (or sftp ) via WIN SCP but not allow them to login and use a shell via putty.

Place a AllowUsers directive in sshd_config. This will allow the user to scp/ftp but not allow them to login via putty. However, if sopiaz allows telnet login that's a different story. Either way, sopiaz should not have a telnet daemon running as it is very insecure.

-twantrd

stickman · 01-27-2004, 08:51 PM

Where did telnet enter the question? Putty can also be used for SSH access to a shell prompt (which he is trying to avoid).

twantrd · 01-27-2004, 09:18 PM

Just giving him more information than necessary. Just letting him know in case he does run a telnet daemon. Sorry for placing something a little something off the subject.

-twantrd

sopiaz57 · 01-27-2004, 09:38 PM

stickman, thanks for the tip with the SSHD_CONFIG

I wasnt aware of that capibility. I think OPEN SSH will soon implement a scp/sftp only directive or sometihng.

twantrd - telnet, bless it's soul. thanks, it never hurts to tell people.