-   Linux - Security (
-   -   SSH and SCP user logins (

sopiaz57 01-20-2004 11:37 AM

SSH and SCP user logins
Hi guys, i was wondering how i can give a user SCP access (or sftp ) via WIN SCP but not allow them to login and use a shell via putty.

possibly edit their entry in .etc/passwd to /nologin? i donno.

thanks for the help

stickman 01-20-2004 11:55 AM

Look at scponly and rssh. I don't know if rssh supports WinSCP though.

sopiaz57 01-20-2004 01:12 PM

interesting program, thanks for the link.

Do you currently use this on your machines for your users?

i wonder how long until openssh implements this feature?

stickman 01-20-2004 01:47 PM

Yes, I've implemented both of the at client sites, and they work pretty well. I haven't heard any complaints.

twantrd 01-22-2004 06:35 PM

Or without using a program of any kind, you can just edit the sshd_config to only allow certain users to be able to login.


sopiaz57 01-22-2004 09:25 PM

awesome, how might i do that??

thats a lot!!! this is a great solution

stickman 01-22-2004 10:35 PM

Yes, he's correct that you can use the AllowUsers, AllowGroups, DenyUsers, and DenyGroups in the sshd_config to define access lists; however, there is no directive to define them as sftp/scp only.

witeshark 01-24-2004 01:55 AM

sopiaz57 no answer here? use Google!

twantrd 01-25-2004 05:58 AM


I have already sopiaz57's question.


i was wondering how i can give a user SCP access (or sftp ) via WIN SCP but not allow them to login and use a shell via putty.
Place a AllowUsers directive in sshd_config. This will allow the user to scp/ftp but not allow them to login via putty. However, if sopiaz allows telnet login that's a different story. Either way, sopiaz should not have a telnet daemon running as it is very insecure.


stickman 01-27-2004 09:51 PM

Where did telnet enter the question? Putty can also be used for SSH access to a shell prompt (which he is trying to avoid).

twantrd 01-27-2004 10:18 PM

Just giving him more information than necessary. Just letting him know in case he does run a telnet daemon. Sorry for placing something a little something off the subject.


sopiaz57 01-27-2004 10:38 PM

stickman, thanks for the tip with the SSHD_CONFIG

I wasnt aware of that capibility. I think OPEN SSH will soon implement a scp/sftp only directive or sometihng.

twantrd - telnet, bless it's soul. thanks, it never hurts to tell people.

All times are GMT -5. The time now is 08:46 AM.