LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 01-20-2004, 10:37 AM   #1
sopiaz57
Member
 
Registered: Apr 2003
Distribution: RH 8
Posts: 246

Rep: Reputation: 30
SSH and SCP user logins


Hi guys, i was wondering how i can give a user SCP access (or sftp ) via WIN SCP but not allow them to login and use a shell via putty.


possibly edit their entry in .etc/passwd to /nologin? i donno.

thanks for the help
 
Old 01-20-2004, 10:55 AM   #2
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Look at scponly and rssh. I don't know if rssh supports WinSCP though.
 
Old 01-20-2004, 12:12 PM   #3
sopiaz57
Member
 
Registered: Apr 2003
Distribution: RH 8
Posts: 246

Original Poster
Rep: Reputation: 30
interesting program, thanks for the link.

Do you currently use this on your machines for your users?

i wonder how long until openssh implements this feature?
 
Old 01-20-2004, 12:47 PM   #4
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Yes, I've implemented both of the at client sites, and they work pretty well. I haven't heard any complaints.
 
Old 01-22-2004, 05:35 PM   #5
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,438

Rep: Reputation: 52
Or without using a program of any kind, you can just edit the sshd_config to only allow certain users to be able to login.

-twantrd
 
Old 01-22-2004, 08:25 PM   #6
sopiaz57
Member
 
Registered: Apr 2003
Distribution: RH 8
Posts: 246

Original Poster
Rep: Reputation: 30
awesome, how might i do that??


thats a lot!!! this is a great solution
 
Old 01-22-2004, 09:35 PM   #7
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Yes, he's correct that you can use the AllowUsers, AllowGroups, DenyUsers, and DenyGroups in the sshd_config to define access lists; however, there is no directive to define them as sftp/scp only.
 
Old 01-24-2004, 12:55 AM   #8
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
sopiaz57 no answer here? use Google!
 
Old 01-25-2004, 04:58 AM   #9
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,438

Rep: Reputation: 52
Witeshark,

I have already sopiaz57's question.

Quote:
i was wondering how i can give a user SCP access (or sftp ) via WIN SCP but not allow them to login and use a shell via putty.
Place a AllowUsers directive in sshd_config. This will allow the user to scp/ftp but not allow them to login via putty. However, if sopiaz allows telnet login that's a different story. Either way, sopiaz should not have a telnet daemon running as it is very insecure.

-twantrd
 
Old 01-27-2004, 08:51 PM   #10
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Where did telnet enter the question? Putty can also be used for SSH access to a shell prompt (which he is trying to avoid).
 
Old 01-27-2004, 09:18 PM   #11
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,438

Rep: Reputation: 52
Just giving him more information than necessary. Just letting him know in case he does run a telnet daemon. Sorry for placing something a little something off the subject.

-twantrd
 
Old 01-27-2004, 09:38 PM   #12
sopiaz57
Member
 
Registered: Apr 2003
Distribution: RH 8
Posts: 246

Original Poster
Rep: Reputation: 30
stickman, thanks for the tip with the SSHD_CONFIG

I wasnt aware of that capibility. I think OPEN SSH will soon implement a scp/sftp only directive or sometihng.

twantrd - telnet, bless it's soul. thanks, it never hurts to tell people.

Last edited by sopiaz57; 01-27-2004 at 10:03 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do i monitor SSH logins? gtwilliams Linux - Security 5 06-08-2005 10:43 PM
Restricting SSH logins. bullium Linux - Security 3 05-10-2005 01:15 AM
Massive SSH Logins zeeshanhayat Linux - Security 1 03-08-2005 12:49 PM
Need help using Webmin to tell SSH to allow logins Xolo Linux - Security 9 11-22-2004 03:57 PM
restrict ssh logins by ip by user account Beans0063 Linux - Security 4 10-04-2004 01:29 PM


All times are GMT -5. The time now is 10:50 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration