Ubuntu Geek

scponly - limited shell for secure file transfers

Posted by admin on March 1st, 2008

scponly is an alternative ‘shell’ (of sorts) for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution privileges. Functionally, it is best described as a wrapper to the tried and true ssh suite of applications.

A typical usage of scponly is in creating a semi-public account not unlike the concept of anonymous login for ftp. This allows an administrator to share files in the same way an anon ftp setup would, only employing all the protection that ssh provides. This is especially significant if you consider that ftp authentications traverse public networks in a plain text format.

Install scponly in Ubuntu

sudo aptitude install scponly

This will complete the installation.

Configuring scponly

Edit the /etc/shells file to include the scponly shell, which in my testing was installed to /usr/bin. You can simply append /usr/bin/scponly to the end of /etc/shells.

At this point, you should be able to create a user and set the user’s shell to scponly. This will allow the user to use an SCP/SFTP client to transfer files, but it will not allow interactive shell access.

Chroot SFTP

Reconfigure the scponly package so that scponlyc (the chroot version) is activated:

sudo dpkg-reconfigure -plow scponly

Answer “Yes”. Now set up the chroot scponly user with the included setup_chroot script. It can’t be an existing user, and don’t create it with adduser; the setup_chroot script will create it.

cd /usr/share/doc/scponly/setup_chroot
sudo gunzip setup_chroot.sh.gz
sudo chmod +x setup_chroot.sh
sudo ./setup_chroot.sh

To make this simpler, let’s accept the default answers (scponly for username and home folder). At the end, set the password for the scponly user.

Scponlyc has a “bug” and doesn’t work out of the box. To fix it, you have to create /dev/null in the scponly chroot home folder. The right way to do this is:

sudo -i

cd /home/scponly

mkdir /home/scponly/dev

mknod -m 666 /home/scponly/dev/null c 1 3

exit

Now test it from the remote computer

sftp scponly@server

If you can log in, it worked.
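One way to check the finished setup on the server, as an added example that is not part of the original post: it verifies the /etc/shells entry, the user's login shell, and that dev/null inside the chroot really is character device 1,3. The function names are hypothetical, stat -c assumes GNU coreutils (as on Ubuntu), and the scponlyc path in the closing comment is an assumption.

```shell
#!/bin/sh
# Added example: audit the scponly setup described above (not from the original post).
# File paths are parameters so the checks can also be run against copies.

# shell_listed SHELL SHELLS_FILE: succeeds if SHELL is an exact line in SHELLS_FILE.
shell_listed() {
    grep -qxF -- "$1" "$2"
}

# user_shell USER PASSWD_FILE: prints the login shell (field 7) of USER.
user_shell() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "$2"
}

# is_null_device PATH: succeeds only for a character device with major 1, minor 3,
# which is what "mknod ... c 1 3" creates. %t and %T are the major and minor in hex.
is_null_device() {
    [ -c "$1" ] && [ "$(stat -c '%t:%T' "$1")" = "1:3" ]
}

# audit_scponly USER HOME SHELL [SHELLS_FILE] [PASSWD_FILE]
# Prints one line per check and returns the number of failed checks.
audit_scponly() {
    user=$1 home=$2 shell=$3
    shells=${4:-/etc/shells} passwd=${5:-/etc/passwd}
    fails=0
    if shell_listed "$shell" "$shells"; then echo "ok   $shell listed in $shells"
    else echo "FAIL $shell missing from $shells"; fails=$((fails + 1)); fi
    if [ "$(user_shell "$user" "$passwd")" = "$shell" ]; then echo "ok   $user uses $shell"
    else echo "FAIL $user does not use $shell"; fails=$((fails + 1)); fi
    if is_null_device "$home/dev/null"; then echo "ok   $home/dev/null is char device 1,3"
    else echo "FAIL $home/dev/null is missing or not char device 1,3"; fails=$((fails + 1)); fi
    return "$fails"
}

# Example call (run on the server). The scponlyc path is an assumption;
# use whatever shell path setup_chroot.sh wrote into /etc/passwd:
#   audit_scponly scponly /home/scponly /usr/sbin/scponlyc
```

A regular file named dev/null inside the chroot fails the device check, which is the case the mknod step above exists to avoid.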


One Response to “scponly - limited shell for secure file transfers”

  1. weakish Says:

    rssh is a similar tool. Besides scp and sftp, it can also support rsync and cvs.
