Difference between revisions of "Scponly"

From ArchWiki
Jump to: navigation, search
(replace moved content with redirect to new target; re Talk; move commit: https://wiki.archlinux.org/index.php?title=SCP_and_SFTP&type=revision&diff=379780&oldid=379779)
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
#REDIRECT [[SCP and SFTP#Scponly]]
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box.  Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
This guide assumes that you have the {{Ic|sshd}} daemon installed, configured, and running. See [[Secure Shell]] for more information.
Scponly resides in [community] and can be installed like any other package:
{{bc|# pacman -S scponly}}
If you have a user already created, simply set the user's shell to scponly
{{bc|# usermod -s /usr/bin/scponly username}}
That's it.  Go ahead and test it using your favorite sftp client.
===Adding a chroot jail===
* Create chroot
{{bc|# cd /usr/share/doc/scponly/}}
{{bc|# ./setup_chroot.sh}}
* Provide answers
* Check that /path/to/chroot has root:root owner and r-x for others
* Change shell for selected user to /usr/sbin/scponlyc
* sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib

Latest revision as of 22:48, 22 June 2015