-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi all...
so, wanted to share my cool discovery of the day: how to make a scp/sftp only
account. as you likely know, if you set a user's shell to /bin/false with the
intention of not letting them ssh into the machine, that also cuts off their
ability to scp or sftp in. one may want to offer scp or sftp but _not_ a full
shell via ssh. up till today i didn't have any handy tool to do this, but
today i _had_ to... after a bit of googling i found a small C program that
you can set as the user's "shell" in /etc/passwd and it limits them to sftp
and/or scp. it could be made more clever, i'm sure, and i'm sure that one day
openssh will have such stuff built-in. but until then, i've got this
hand-dandy little app...
if interested, you can grab the silly thing at:
http://urbanlizard.com/~aseigo/rssh.c
there are installation instructions in the source file:
head -n 52 rssh.c | tail -n 19
whee....
- --
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/ncut1rcusafx20MRAmlIAKCS5b3+tjSO6Ult8DdrQch9Gqh+VQCfTfsE
U/C2e28WxmOIkQL13OOB2Pc=
=Ab3R
-----END PGP SIGNATURE-----
