Karl Cunningham wrote: > Let me preface... This question is 90% academic and 10% practical. It > stems from a bit of paranoia spawning curiosity. > > I know ssh public keys can include an option to only allow a specified > command to be executed using that key. Is there a way to get it to > allow a file transfer with scp but not allow a shell to be started using > that key? I do want to allow shells using a different key. >
Quick and incomplete answer: It's not the keys that have such options, it's a question of server configuration that determines what capabilities are granted to a user (authenticated by eg, matching a certain public key). The subject matter to search on, I think, is ssh "per account server configuration" Your question might be re-posed as involving: How to provide scp only access via per-account server configuration? which, in fact, seems to trigger some google hits (that I haven't followed <heh>). ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
