Hi everyone!
I have a problem...
I need to restrict a user to sftp usage only from one computer to another...
I mean that the user cannot log in to the computer, or even use sftp, from any other computer, only from the one I allow.
Thanks for the help!
Move "sftp" to the /sbin folder, for example, and set it with root:root privileges, but he can still use "scp" as well. What is the actual idea behind that? Restrict usage to ssh tools at all, or create rules for certain destinations? Please shed some more light.
Hi...
the idea is to make a user account that would be used only for file transfers...
but it's important that whoever logs into that account would do that from a specific computer and would not get a shell...
Thanks.
If the destination and source computers are always the same, then you could set the user's shell in /etc/passwd to sftp and add the required arguments.
Or you could give the user a restricted shell and place a link to sftp in $HOME/bin for that user.
That could be a good solution...!
Can someone give me an example of the arguments I need?
Hi,
To restrict access so that only one computer is allowed, use TCP Wrappers, which must be installed on the machine first.
Then edit /etc/hosts.allow as follows:
sshd:<ip address>:allow
Example:
sshd:10.195.5.120:allow
and edit /etc/hosts.deny as follows:
ALL:ALL EXCEPT localhosts:deny
Then you can edit $HOME/.profile and add the command:
exit
This is for restricting the user's access to the shell prompt,
and the user account is able to use sftp/scp only.
Thanks a lot, but...
The TCP Wrappers solution is no good for me because these are production computers, so I can't install anything new...
OK...
I have created a user and edited his ".profile"
like this:
/bin/sftp USER@DEST_SERVER
exit
That way the user does not get a shell.
The only problem here is that he'll need to enter a password...
How can I cancel the need for a password in sftp?
Thanks.
You can set up corresponding public/private keys, and the sftp command would look roughly like this:
/bin/sftp -oIdentityFile=/path/to/key/id_rsa user@host
Thank you all, I solved it with your help!
Hi
I need to configure SFTP with users restricted very tightly. For this I am trying a chroot jail, but the user can still go to other directories...
My user is as below:
test1:x:101123:81::/var/tmp/pradeep/chroot/./pra/test1:/bin/sh
Can anybody help me to set up a chroot jail that allows sftp only?
Posting at the bottom of a concluded thread is probably not the best way to go.
Try: http://sublimation.org/scponly/
You can keep the shell as /bin/nologin for that user, so he won't be able to log in to the system. I guess this is your actual purpose.
Hi,
That is not working...
I tried to set up a chroot jail for sftp with the help of the link below, but the user can still go to another directory. I want to restrict users to their home directory only...
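Added example, not part of the original posts and not any poster's configuration: one way to get what the thread asks for (file transfer only, no shell, a single permitted source host, confinement to one directory) using only sshd's own settings. It assumes an OpenSSH server recent enough for ChrootDirectory, internal-sftp and the restrict key option; the account name xfer, the paths and the elided key are placeholders, and 10.195.5.120 is the example address used earlier in the thread.

```conf
# ---- /etc/ssh/sshd_config (server; check with "sshd -t" before reloading) ----
# In-process SFTP server, so the chroot needs no binaries or libraries.
Subsystem sftp internal-sftp

# Applies only to the transfer account ("xfer" is a placeholder name).
Match User xfer
    # Every session (shell, scp, "ssh host cmd") gets SFTP instead.
    # Enforced by sshd itself, so it does not depend on the login shell
    # or on anything in the user's .profile.
    ForceCommand internal-sftp
    # The chroot and all its parents must be owned by root and not writable
    # by group or others; give the user a writable subdirectory inside it.
    ChrootDirectory /srv/sftp/%u
    # Keys only, read from a root-owned file the user cannot edit over SFTP.
    AuthenticationMethods publickey
    PasswordAuthentication no
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u
    # No forwarding, tunnels or terminals through this account.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no

# ---- /etc/ssh/authorized_keys/xfer (separate file, one line per key) ----
# from=     the key is accepted only from this source address
# restrict  turns off PTY, forwarding and ~/.ssh/rc for this key
# Key material is elided; paste the client's public key in its place.
from="10.195.5.120",restrict ssh-ed25519 AAAA... xfer@client
```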