#1 Tsukasa, 15th January 2010, 10:45
sftp - jailed & nologin?

So I searched a little and am not really coming up with what I am looking for, so I'm posting it here to ask. It's also almost 4am, so I'm not about to search IRC servers for an answer; I'm gonna head to bed.


Using OpenSSH as the sftp.

I want to create a jailed nologin user to upload/download without browsing files or exe privs.

Example of how I would do this in vsftp:
useradd --home /jailed/dir --shell /usr/sbin/nologin UserAccountName
* This user is not allowed to log in to a shell
* nologin was added into /etc/shells

vsftpd.userlist would contain the above created user name to be allowed to use only the ftp and jailed to its dir.

Anyone know how to do such a task for the sftp?
__________________
"...a computer is a stupid machine with the ability to do incredibly
smart things, while computer programmers are smart people with the
ability to do incredibly stupid things. They are, in short, a perfect
match".

#2 MaXe, 18th January 2010, 17:46

I might only know it if it was the normal sftp and not vsftpd.

I guess Xires might be able to help you or eventually me when I try it out sometime soon :-)
__________________
Code:
                                ____/____\_________________
                      \|/      | OMG IT'S TEH LEET STORY!! |
    /*\         /\    -*-      |______  ________/\_________|
   // \\       /  \   /|\        /    \/    \  /  \
  /// \\\     /    \            /            \/    \
   // \\     /      \          /      \o/     \     \
    | |     /        \        /        |       \     \
 ___| |____/          \______/________/ \_______\_____\_________
          /     o      \
               #"=-
               /\
 __________________________________________________________
    On a mission, to find the lost member of Teh Unkwon.. 

#3 Xires, 20th January 2010, 18:21

I think what you're looking for is scponly. rssh is also available but in my experience it's not as clean or quite as good. scponly is about as simple as it gets; just install it and set it as the user's shell. That's all there is to it. You don't need to modify your SSHd configuration or anything.

Do keep in mind, however, that it can make it somewhat annoying to 'su' to since the 'su' command launches the user's shell as defined in /etc/passwd. Thus, just specify the shell when you wish to su to that user (e.g. su -s ${SHELL} someacct).
__________________
-Xires

Last edited by Xires; 20th January 2010 at 18:22. Reason: fix rssh URL
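
A way to check accounts set up as described in post #3, as an added example that is not part of the thread: it reads passwd-format data and reports, for each account whose home is under the jail directory, whether its shell is a transfer-only shell (scponly or rssh), nologin, or a full interactive shell. The sample passwd and shells content, the binary paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format data for upload-only accounts.
# All file contents below are constructed sample data, not from a real host.

# classify_shell SHELL_PATH SHELLS_FILE
# Prints: transfer-only | unlisted-shell | no-login | interactive
classify_shell() {
    case ${1##*/} in
        scponly|rssh)
            # The thread's first post lists the shell in /etc/shells;
            # report when a restricted shell is absent from that file.
            if grep -qxF -- "$1" "$2"; then echo transfer-only
            else echo unlisted-shell; fi ;;
        nologin|false) echo no-login ;;
        *) echo interactive ;;   # includes an empty shell field
    esac
}

# audit_jailed PASSWD_FILE SHELLS_FILE HOME_PREFIX
# Prints "user:home:verdict" for every account whose home is under HOME_PREFIX.
audit_jailed() {
    # Field 6 of a passwd entry is the home directory, field 7 the login shell.
    awk -F: -v p="$3" 'index($6, p) == 1 { print $1 ":" $6 ":" $7 }' "$1" |
    while IFS=: read -r user home shell; do
        echo "$user:$home:$(classify_shell "$shell" "$2")"
    done
}

# Constructed sample input and a demo run.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
upload1:x:1001:1001::/jailed/dir:/usr/bin/scponly
upload2:x:1002:1002::/jailed/dir2:/usr/sbin/nologin
upload3:x:1003:1003::/jailed/dir3:/bin/bash
upload4:x:1004:1004::/jailed/dir4:/usr/bin/rssh
EOF
    printf '%s\n' /bin/sh /bin/bash /usr/bin/scponly /usr/sbin/nologin > "$tmp/shells"
    audit_jailed "$tmp/passwd" "$tmp/shells" /jailed/
    rm -rf "$tmp"
}

demo
```

On a live host the same call would be `audit_jailed /etc/passwd /etc/shells /jailed/`; any account reported as interactive has full shell access despite living under the jail directory.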

#4 Tsukasa, 21st January 2010, 07:41

Ya Xires, you told me about it in IRC, but it's also a good thing to have posted here for others to know as well.

#5 MaXe, 2nd February 2010, 17:38

Thanks Xires, I didn't know there was a scponly shell :-) Very much useful, +rep!
All times are GMT +2.
Copyright ©2007 - Forever, InterN0T & Teh Unkwon
