Difference between revisions of "Scponly"

From ArchWiki
Jump to: navigation, search
m (Adding a chroot jail)
m (fix heading levels)
Line 1: Line 1:
 
[[Category:Networking (English)]]
 
[[Category:Networking (English)]]
=Introduction=
+
==Introduction==
 
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box.  Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
 
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box.  Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
  
=Installation=
+
==Installation==
==Prerequisites==
+
===Prerequisites===
 
This guide assumes that you have the {{codeline|sshd}} daemon installed, configured, and running.
 
This guide assumes that you have the {{codeline|sshd}} daemon installed, configured, and running.
  
==Setup==
+
===Setup===
 
Scponly resides in [community] and can be installed like any other package:
 
Scponly resides in [community] and can be installed like any other package:
  
Line 18: Line 18:
 
That's it.  Go ahead and test it using your favorite sftp client.
 
That's it.  Go ahead and test it using your favorite sftp client.
  
==Adding a chroot jail==
+
===Adding a chroot jail===
  
 
* Create chroot
 
* Create chroot

Revision as of 18:49, 8 September 2011

Introduction

Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box. Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.

Installation

Prerequisites

This guide assumes that you have the Template:Codeline daemon installed, configured, and running.

Setup

Scponly resides in [community] and can be installed like any other package:

Template:Cli

If you have a user already created, simply set the user's shell to scponly

Template:Cli

That's it. Go ahead and test it using your favorite sftp client.

Adding a chroot jail

  • Create chroot

Template:Cli Template:Cli

  • Provide answers
  • Check that /path/to/chroot has root:root owner and r-x for others
  • Change shell for selected user to /usr/sbin/scponlyc
  • sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib