scponly – limited shell for secure file transfers
A typical usage of scponly is in creating a semi-public account not unlike the concept of anonymous login for ftp. This allows an administrator to share files in the same way an anon ftp setup would, only employing all the protection that ssh provides. This is especially significant if you consider that ftp authentications traverse public networks in a plain text format.
Install scponly in ubuntu
sudo aptitude install scponly
This will complete the instalaltion.
Edit the /etc/shells command to include the scponly shell, which in my testing was installed to /usr/bin. You can simply append /usr/bin/scponly to the end of /etc/shells.
At this point, you should be able to create a user and set the user’s shell to scponly. This will allow the user to use an SCP/SFTP client to transfer files, but it will not allow interactive shell access.
Reconfigure the scponly package so that scponlyc (the chroot version) is activated
sudo dpkg-reconfigure -plow scponly
Answer “Yes”. Now setup the chroot scponly user using the setup_chroot script included to do it. It can’t be an existing user, and don’t create him with adduser. He will be created by the setup_chroot script
sudo gunzip setup_chroot.sh.gz
sudo chmod +x setup_chroot.sh
To make this simpler, lets accept the default answers (scponly for username and home folder). At the end, create the password of scponly user.
Scponlyc has a “bug” and don’t work out of the box.to fix this bug You have to create /dev/null in scponly chroot home folder. the right way to do this is
mknod -m 666 /home/scponly/dev/null c 1 3
exitNow test it from the remote computer
sftp [email protected]
If you login, it worked.
rssh is a similar tool. Besides scp and sftp, it can also support rsync and cvs.
thank you master !!!
it works great !!!
regards from Uruguay
On our Hearty install we were getting “no such file or directory” errors in the auth.log until we touched up some of the libraries in the jail (thanks to dmonty:)
cp -p /lib/libncurses.so.5 lib/
cp -p /lib/libdl.so.2 lib/
cp -p /lib/libc.so.6 lib/
cp -p /lib64/ld-linux-x86-64.so.2 lib64/
I am currently developing/maintaining a limited shell project: lshell.
I let’s you restrict user to a specific set of commands, allow or forbid scp, sftp, and some other features.
I thought you might be interested in trying it.
You can find the details of this project here: http://ghantoos.org/limited-shell-lshell/
An debian/ubuntu package is available: .
Hope this helps,
Ignace M -ghantoos-
I wrestled with this /dev/null bug all day until I found this! Thank you!!!