Date: 18 Jul 2002 00:40:11 +0000
From: Wayne Pascoe <freebsd@penguinpowered.org.uk>
To: Ken McGlothlen <mcglk@artlogix.com>
Cc: questions@freebsd.org
Subject: Re: scp and non-shell accounts.
Message-ID: <m265zdswb8.fsf@set.home.penguinpowered.org.uk>
In-Reply-To: <86n0sqxdo9.fsf@ralf.artlogix.com>
References: <86n0sqxdo9.fsf@ralf.artlogix.com>

Ken McGlothlen <mcglk@artlogix.com> writes:

> I want my users to be able to transfer files to the production
> webserver using scp or sftp, but not to have shell access on the
> production webserver.
>
> So on the production machine, each of these users has a home directory, and a
> shell of /sbin/nologin.
>
> The problem is, this seems to trounce scp and sftp. I get
>
>     wibble@staging:~(1)$ scp transfer.txt wibble@prod:~
>     wibble@prod's password: [type password]
>
>     This account is currently not available. [from /sbin/nologin]
>     wibble@staging:~(2)$ sftp prod
>     Connecting to prod...
>     wibble@prod's password: [type password]
>     Received message too long 173237622
>     wibble@staging:~(3)$ _
>
> Do I really have to permit shell access for these accounts in order
> to use scp or sftp?

You do have to permit shell access, but you can use a nice restrictive
shell. I can't remember where I found it originally (Byron - If you're
reading this can you post the location), but there is a shell out
there called scponly. Using this means that scp functions work ok but
a user cannot actually log in to the machine.

This I hope will suit your purpose? If you can't find it on Google,
mail me and I'll hunt out the URL.

Regards,

-- 
- Wayne Pascoe - http://www.penguinpowered.org.uk/wayne/

I'm from Iowa. I just work in space.
    Admiral Kirk - Star Trek IV

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
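
What a restricted login shell of the kind recommended in the reply has to decide, as an added example that is not part of the original message and is not scponly's code: sshd starts the account's shell as `<shell> -c '<command>'`, and the wrapper runs that command only if it is the server side of scp or the sftp server. The script name `scp-only-demo`, the `sftp-server` path and the refusal message are assumptions.

```shell
#!/bin/sh
# Added illustration (not scponly's code). sshd runs the account's login shell
# as: <shell> -c '<command>'; permit only server-side scp and sftp-server.
LC_ALL=C; PATH=/bin:/usr/bin; export LC_ALL PATH
SFTP_SERVER=/usr/libexec/sftp-server   # assumption: sftp subsystem path

# is_allowed COMMAND: status 0 if the command may run, 1 otherwise.
is_allowed() {
    case $1 in
        ''|*[!A-Za-z0-9\ ._/~-]*) return 1 ;;  # empty, or quotes/metacharacters
    esac
    set -f; set -- $1; set +f                  # split on blanks, no globbing
    if [ "$#" -eq 1 ] && [ "$1" = "$SFTP_SERVER" ]; then return 0; fi
    [ "$1" = scp ] || return 1
    shift
    mode=
    for arg in "$@"; do
        case $arg in
            -t|-f)       mode=$arg ;;  # sink / source: the server-side modes
            -r|-p|-v|-d) ;;            # flags the scp client passes along
            --)          break ;;      # everything after this is a path
            -*)          return 1 ;;   # any other option, e.g. -S <program>
        esac
    done
    [ -n "$mode" ]
}

restricted_shell() {
    if [ "$1" = -c ] && is_allowed "$2"; then
        set -f; set -- $2; set +f
        for a in "$@"; do              # no shell will expand "~", so do it here
            case $a in '~') a=$HOME ;; '~/'*) a=$HOME/${a#'~/'} ;; esac
            set -- "$@" "$a"; shift
        done
        exec "$@"                      # argv is passed as-is, never re-parsed
    fi
    # stderr only: text on stdout would corrupt the scp/sftp byte stream
    echo "This account is restricted to scp and sftp." >&2
    return 1
}

# Act as a login shell only when installed under this hypothetical name.
case ${0##*/} in scp-only-demo) restricted_shell "$@" ;; esac
```

File names containing spaces, quotes or wildcards are refused by the character check, which is the price of never handing the command string to a real shell.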