Difference between revisions of "Scponly"

From ArchWiki
Jump to: navigation, search
(mirror deletion request from talk page)
Line 1: Line 1:
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
{{Deletion|1=Openssh has this feature built-in since 2008 (see http://undeadly.org/cgi?action=article&sid=20080220110039 ) and scponly hasn't been updated in the major version since 2008 as well (see http://sourceforge.net/projects/scponly/files/ ). See also {{Bug|37652}}.|section=scponly page should be removed.}}
 
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box.  Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
 
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box.  Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
  

Revision as of 01:45, 6 November 2013

Tango-edit-cut.pngThis section is being considered for removal.Tango-edit-cut.png

Reason: Openssh has this feature built-in since 2008 (see http://undeadly.org/cgi?action=article&sid=20080220110039 ) and scponly hasn't been updated in the major version since 2008 as well (see http://sourceforge.net/projects/scponly/files/ ). See also FS#37652. (Discuss in Talk:Scponly#scponly page should be removed.)

Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box. Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.

Installation

Prerequisites

This guide assumes that you have the sshd daemon installed, configured, and running. See Secure Shell for more information.

Setup

Scponly resides in [community] and can be installed like any other package:

# pacman -S scponly

If you have a user already created, simply set the user's shell to scponly

# usermod -s /usr/bin/scponly username

That's it. Go ahead and test it using your favorite sftp client.

Adding a chroot jail

  • Create chroot
# cd /usr/share/doc/scponly/
# ./setup_chroot.sh
  • Provide answers
  • Check that /path/to/chroot has root:root owner and r-x for others
  • Change shell for selected user to /usr/sbin/scponlyc
  • sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib