Difference between revisions of "Scponly"

From ArchWiki
Jump to: navigation, search
(replace moved content with redirect to new target; re Talk; move commit: https://wiki.archlinux.org/index.php?title=SCP_and_SFTP&type=revision&diff=379780&oldid=379779)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Category:Networking]]
+
#REDIRECT [[SCP and SFTP#Scponly]]
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box.  Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
 
 
 
==Installation==
 
===Prerequisites===
 
This guide assumes that you have the {{Ic|sshd}} daemon installed, configured, and running. See [[Secure Shell]] for more information.
 
 
 
===Setup===
 
Scponly resides in [community] and can be installed like any other package:
 
 
 
{{bc|# pacman -S scponly}}
 
 
 
If you have a user already created, simply set the user's shell to scponly
 
 
 
{{bc|# usermod -s /usr/bin/scponly username}}
 
 
 
That's it.  Go ahead and test it using your favorite sftp client.
 
 
 
===Adding a chroot jail===
 
 
 
* Create chroot
 
{{bc|# cd /usr/share/doc/scponly/}}
 
{{bc|# ./setup_chroot.sh}}
 
* Provide answers
 
* Check that /path/to/chroot has root:root owner and r-x for others
 
* Change shell for selected user to /usr/sbin/scponlyc
 
* sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib
 

Latest revision as of 22:48, 22 June 2015