From ArchWiki
Revision as of 01:45, 6 November 2013 by Kynikos (Talk | contribs) (mirror deletion request from talk page)

Jump to: navigation, search

Tango-edit-cut.pngThis section is being considered for removal.Tango-edit-cut.png

Reason: Openssh has this feature built-in since 2008 (see ) and scponly hasn't been updated in the major version since 2008 as well (see ). See also FS#37652. (Discuss in Talk:Scponly#scponly page should be removed.)

Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box. Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.



This guide assumes that you have the sshd daemon installed, configured, and running. See Secure Shell for more information.


Scponly resides in [community] and can be installed like any other package:

# pacman -S scponly

If you have a user already created, simply set the user's shell to scponly

# usermod -s /usr/bin/scponly username

That's it. Go ahead and test it using your favorite sftp client.

Adding a chroot jail

  • Create chroot
# cd /usr/share/doc/scponly/
# ./
  • Provide answers
  • Check that /path/to/chroot has root:root owner and r-x for others
  • Change shell for selected user to /usr/sbin/scponlyc
  • sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib