[TriLUG] SCP, Chroot

Mark Freeze mfreeze at gmail.com
Tue Jan 17 10:03:25 EST 2006


I created a user called 'uploads' with all the permissions and stuff that a
normal user would have.  I changed the shell to /bin/false and tried to scp
from my laptop with no success.  I would issue the scp command and it would
ask me for a password.  However, after entering the password it would always
say 'lost connection'.  I changed the shell back to /bin/bash and it worked
normally after that.

I may try to look over the script from the website that Rick pointed out if
no one else has any ideas.

The web form idea from Cristobal was a good idea, but I am trying to do this
from a script.  My offices downtown are on OSX and they are trying to set up
scripts that will automatically send me files. So, I told them they could
just scp the files over to me.  I could probably just issue them an id and
they would add it to their script and forget about it.  However, I just
don't want an id floating around out there that someone could use and just
go browsing around the fs, looking at whatever they wanted.  (Was it the
Kinks that said, "Paranoia will destroy ya...")  I could also set up a
chroot jail with proftp but I'd really like to use scp and get this figured
out for future use.

Thanks to everyone for their help!

Thanks,
Mark.


On 1/16/06, William Sutton <william at trilug.org> wrote:
>
> What happens if you put /bin/false for the shell?  should let them scp to
> only where they have permission (e.g., home/user) but not login, correct?
>
> --
> William Sutton
>
>
> On Mon, 16 Jan 2006, Mark Freeze wrote:
>
> > What are some ways to restrict a ssh user to their home (or any)
> > directory?  What I am trying to do is set up a username that is jailed to a
> > specific directory so users can drop off files via SCP.   I don't want them
> > navigating around the fs if they were to log in with ssh. And, what about if
> > they tried to SCP a file to somewhere other than /home/username? I looked at
> > chrooting but that would just restrict them if they logged in.  I saw this
> > package http://www.sublimation.org/scponly/ but I was trying to do this on
> > my server without adding a bunch of packages or 3rd-Party stuff.
> >
> > Thanks,
> > Mark.
> > --
> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >
> >
>
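
sshd hands a remote command such as `scp -t <path>` to the account's login shell as `<shell> -c "<command>"`, so a shell of /bin/false ends the session before scp ever starts, which the client reports as 'lost connection'. The following is an added example, not part of the original thread: an upload-only login shell for the 'uploads' account. The install name `scp-drop`, the drop directory and the scp path are assumptions.

```shell
#!/bin/sh
# Added example: upload-only login shell (hypothetical /usr/local/bin/scp-drop).
# Assumptions: the drop directory and scp path below; the client speaks the
# legacy scp protocol (recent OpenSSH clients need "scp -O" for that).
DROP_DIR=/home/uploads/incoming
SCP_BIN=/usr/bin/scp

# sshd runs a remote command as: <login shell> -c "<command>".
# Return 0 only when <command> is an scp upload (sink mode, "-t").
upload_request_ok() {
    req=$1
    case $req in
        "scp "*) ;;
        *) return 1 ;;
    esac
    # Allow only plain path characters and spaces: no ; | & $ ` quotes or globs.
    squeezed=$(printf '%s' "$req" | tr -d ' ')
    case $squeezed in
        *[!A-Za-z0-9_./-]*) return 1 ;;
    esac
    is_upload=1
    # Unquoted on purpose: split into words (glob characters were rejected above).
    for word in ${req#scp }; do
        case $word in
            -t) is_upload=0 ;;
            -v|-p|-d) ;;            # harmless flags the client may add
            --) break ;;            # end of options
            -*) return 1 ;;         # -f (download), -r and anything else
            *) break ;;             # first non-option word is the target
        esac
    done
    return "$is_upload"
}

main() {
    if [ "$1" = "-c" ] && upload_request_ok "$2"; then
        # Ignore the requested path; every upload lands in DROP_DIR.
        exec "$SCP_BIN" -t "$DROP_DIR"
    fi
    echo "This account only accepts scp uploads." >&2
    exit 1
}

# Run main only under the installed name, so the functions can be tested.
if [ "${0##*/}" = "scp-drop" ]; then main "$@"; fi
```

This restricts only what the login shell will run and is not a chroot; files already in the drop directory can still be overwritten by name. Port forwarding does not go through the shell, so disable it for the account separately (for example `AllowTcpForwarding no` in a `Match User` block in sshd_config).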


