Restricting SSH but allowing SCP

mkono · 06-02-2009, 09:54 AM

All,
I am running RHEL5 in a WebSphere environment and have decided to restrict SSH access to a particular generic user. However I need that user to be able to SCP files from one server to another.

I guess the problem is that SSH and SCP use the same port (22) and scp requires an ssh shell connection to perform an scp of files.

Does anyone have any ideas on how to restrict SSH for a particular user, but allow them to SCP?

Any help would be greatly appreciated.

Thanks,
mkono

druuna · 06-02-2009, 10:00 AM

Hi,

Take a look at scponly

Quote from the above site:

Quote:

scponly is an alternative 'shell' (of sorts) for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution priviledges. Functionally, it is best described as a wrapper to the tried and true ssh suite of applications.

Hope this helps.

Sm1ler · 06-03-2009, 08:04 AM

I would highly recommend this help file from Centos on securing ssh. I would use Public private Key and disable password authentication then just import the key for the one user you want to be able to use the service, job done!

http://wiki.centos.org/HowTos/Networ...ecuring)|(ssh)