On Mon, Jun 25, 2007 at 11:18:00PM -0300, Guido Barosio wrote: > Caught this message and I am currently wondering why a /bin/false'ed > passwd file should allow a scp to get in the host and attempt the > copy.
OpenSSH does the authentication... it doesn't need to care what your shell is for the authentication to succeed. All that matters for login to be successful is for some configured authentication mechanism to succeed; i.e. the user's supplied password matches what's CRYPTed in the passwd file, or the user's private key matches the public key stored in the user's authorized keys file, etc. None of this requires the shell to work. For the scp to succeed, the user needs a working shell, because sshd will start the user's shell in order to have it execute the scp command on the remote system. If the shell doesn't work, the scp command will never run... -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D
pgpZ00f0WaYoz.pgp
Description: PGP signature
