scponly – limited shell for secure file transfers
A typical usage of scponly is in creating a semi-public account not unlike the concept of anonymous login for ftp. This allows an administrator to share files in the same way an anon ftp setup would, only employing all the protection that ssh provides. This is especially significant if you consider that ftp authentications traverse public networks in a plain text format.
Install scponly in ubuntu
sudo aptitude install scponly
This will complete the installation.
Configuring scponly
Edit the /etc/shells file to include the scponly shell, which in my testing was installed to /usr/bin. You can simply append /usr/bin/scponly to the end of /etc/shells.
At this point, you should be able to create a user and set the user’s shell to scponly. This will allow the user to use an SCP/SFTP client to transfer files, but it will not allow interactive shell access.
Chroot SFTP
Reconfigure the scponly package so that scponlyc (the chroot version) is activated:
sudo dpkg-reconfigure -plow scponly
Answer “Yes”. Now set up the chroot scponly user with the included setup_chroot script. It can’t be an existing user, and don’t create the user with adduser; the setup_chroot script will create it.
cd /usr/share/doc/scponly/setup_chroot
sudo gunzip setup_chroot.sh.gz
sudo chmod +x setup_chroot.sh
sudo ./setup_chroot.sh
To make this simpler, let’s accept the default answers (scponly for username and home folder). At the end, set the password for the scponly user.
Scponlyc has a “bug” and doesn’t work out of the box. To fix it, you have to create /dev/null inside the scponly chroot home folder. The right way to do this is:
sudo -i
cd /home/scponly
mkdir /home/scponly/dev
mknod -m 666 /home/scponly/dev/null c 1 3
exit
Now test it from the remote computer
sftp [email protected]
If you can log in, it worked.
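The two manual steps above (the /etc/shells entry and the /dev/null node inside the jail) can be checked with a short script. This is an added example, not part of the original post; the function names are hypothetical and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/bash
# Added example: audit the scponly chroot set up in this article.
# Paths are parameters so the checks can be pointed at a test directory.

# Succeeds when the shell path appears as a whole line in the shells file.
shell_is_listed() {
    local shell_path shells_file
    shell_path="$1"
    shells_file="${2:-/etc/shells}"
    grep -qxF -- "$shell_path" "$shells_file" 2>/dev/null
}

# Succeeds when <jail>/dev/null is a character device 1,3 with mode 666,
# which is what "mknod -m 666 dev/null c 1 3" creates.
jail_dev_null_ok() {
    local node info
    node="$1/dev/null"
    [ -c "$node" ] || return 1
    # %a = octal mode, %t/%T = major/minor device number in hex
    info=$(stat -c '%a %t %T' "$node") || return 1
    [ "$info" = "666 1 3" ]
}

# Prints one line per check; returns non-zero if any check fails.
audit_scponly_jail() {
    local jail shells_file rc
    jail="${1:-/home/scponly}"
    shells_file="${2:-/etc/shells}"
    rc=0
    if shell_is_listed /usr/bin/scponly "$shells_file"; then
        echo "ok:   /usr/bin/scponly listed in $shells_file"
    else
        echo "FAIL: /usr/bin/scponly missing from $shells_file"; rc=1
    fi
    if jail_dev_null_ok "$jail"; then
        echo "ok:   $jail/dev/null is char device 1,3 mode 666"
    else
        echo "FAIL: $jail/dev/null missing or not char device 1,3 mode 666"; rc=1
    fi
    return $rc
}

# Run the audit only when arguments are given, e.g.: ./audit.sh /home/scponly
if [ "$#" -gt 0 ]; then audit_scponly_jail "$@"; fi
```

A regular file named dev/null in the jail fails the check, which catches the case where something wrote to the path before the device node was created.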
rssh is a similar tool. Besides scp and sftp, it can also support rsync and cvs.
thank you master !!!
it works great !!!
regards from Uruguay
On our Hearty install we were getting “no such file or directory” errors in the auth.log until we touched up some of the libraries in the jail (thanks to dmonty:)
cp -p /lib/libncurses.so.5 lib/
cp -p /lib/libdl.so.2 lib/
cp -p /lib/libc.so.6 lib/
mkdir lib64
cp -p /lib64/ld-linux-x86-64.so.2 lib64/
Hello,
I am currently developing/maintaining a limited shell project: lshell.
It lets you restrict a user to a specific set of commands, allow or forbid scp, sftp, and some other features.
I thought you might be interested in trying it.
You can find the details of this project here: http://ghantoos.org/limited-shell-lshell/
A Debian/Ubuntu package is available: .
Hope this helps,
Cheers,
Ignace M -ghantoos-
I wrestled with this /dev/null bug all day until I found this! Thank you!!!