Difference between revisions of "Scponly"

From ArchWiki
Jump to: navigation, search
(replace moved content with redirect to new target; re Talk; move commit: https://wiki.archlinux.org/index.php?title=SCP_and_SFTP&type=revision&diff=379780&oldid=379779)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Category:Networking]]
+
#REDIRECT [[SCP and SFTP#Scponly]]
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box.  Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
+
 
+
==Installation==
+
===Prerequisites===
+
This guide assumes that you have the {{Ic|sshd}} daemon installed, configured, and running. See [[Secure Shell]] for more information.
+
 
+
===Setup===
+
Scponly resides in [community] and can be installed like any other package:
+
 
+
{{bc|# pacman -S scponly}}
+
 
+
If you have a user already created, simply set the user's shell to scponly
+
 
+
{{bc|# usermod -s /usr/bin/scponly username}}
+
 
+
That's it.  Go ahead and test it using your favorite sftp client.
+
 
+
===Adding a chroot jail===
+
 
+
* Create chroot
+
{{bc|# cd /usr/share/doc/scponly/}}
+
{{bc|# ./setup_chroot.sh}}
+
* Provide answers
+
* Check that /path/to/chroot has root:root owner and r-x for others
+
* Change shell for selected user to /usr/sbin/scponlyc
+
* sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib
+

Latest revision as of 22:48, 22 June 2015