SSH and SCP user logins
 

Hi guys, i was wondering how i can give a user SCP access (or sftp ) via WIN SCP but not allow them to login and use a shell via putty.


possibly edit their entry in .etc/passwd to /nologin? i donno.

thanks for the help

Look at scponly and rssh. I don't know if rssh supports WinSCP though.

interesting program, thanks for the link.

Do you currently use this on your machines for your users?

i wonder how long until openssh implements this feature?

Yes, I've implemented both of the at client sites, and they work pretty well. I haven't heard any complaints.

Or without using a program of any kind, you can just edit the sshd_config to only allow certain users to be able to login.

-twantrd

awesome, how might i do that??


thats a lot!!! this is a great solution

Yes, he's correct that you can use the AllowUsers, AllowGroups, DenyUsers, and DenyGroups in the sshd_config to define access lists; however, there is no directive to define them as sftp/scp only.

sopiaz57 no answer here? use Google!

Witeshark,

I have already sopiaz57's question.

Place a AllowUsers directive in sshd_config. This will allow the user to scp/ftp but not allow them to login via putty. However, if sopiaz allows telnet login that's a different story. Either way, sopiaz should not have a telnet daemon running as it is very insecure.

-twantrd

Where did telnet enter the question? Putty can also be used for SSH access to a shell prompt (which he is trying to avoid).

Just giving him more information than necessary. Just letting him know in case he does run a telnet daemon. Sorry for placing something a little something off the subject.

-twantrd

stickman, thanks for the tip with the SSHD_CONFIG

I wasnt aware of that capibility. I think OPEN SSH will soon implement a scp/sftp only directive or sometihng.

twantrd - telnet, bless it's soul. thanks, it never hurts to tell people.