And you damn well ensure that they can not modify .ssh/ in any respect. Mainly by just adding a public key to the authorized_keys file(s) with the right options.
Just make sure you review all SSH's features before you implement things. - Ben On Thu, 4 Oct 2001, Peter, Attila wrote: > Hi, > > For your particular user you have to create a special shell > that will act as a scp partner on the remote side. This can > be a shell script with the following content: > > exec /usr/local/bin/scp -t $HOME > > This makes possible to transfer files but only to > the $HOME directory (and below). And of course this user > will never get an interactive session. > > Attila > > -----Original Message----- > From: Timothy Reaves [mailto:[EMAIL PROTECTED]] > Sent: Mittwoch, 3. Oktober 2001 18:03 > To: [EMAIL PROTECTED] > Subject: scp & no shell question > > > I looked over the archives, and saw a couple of threads with a > similar > theme, but none fit my needs. I also want to allow scp'ing to my server > without login. The one script that a helpful user posted won't work for > me, as the scp'ing is not done from the command line, but via another > program (using the protocol programatically, not shelling to use the > actual scp command). > > When I specify /bin/false - or /bin/true - as the shell, scp fails. > So > that doesn't work. When I specify /bin/bash, my app works. I thought > perhaps this was because sshd was checking to see if the user could log > in, and if not, wouldn't allow file transfer either. I could be wrong. > > Any ideas? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
