Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box. Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
This guide assumes that you have the Template:Codeline daemon installed, configured, and running.
Scponly resides in [community] and can be installed like any other package:
If you have a user already created, simply set the user's shell to scponly
That's it. Go ahead and test it using your favorite sftp client.
Adding a chroot jail
- Create chroot
# cd /usr/share/doc/scponly/ # ./setup_chroot.sh
- Provide answers
- Check that /path/to/chroot has root:root owner and r-x for others
- Change shell for selected user to /usr/sbin/scponlyc
- sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib