Re: [Q] create account which can only transfer file use SSH????

From: Ian Mortimer (ian_at_physics.uq.edu.au)
Date: 01/10/05

    To: redhat-list@redhat.com
    Date: Mon, 10 Jan 2005 11:27:14 +1000
    
    

    On Sat, 2005-01-08 at 02:17, mcclnx mcc wrote:
    > We have Redhat AS 2.1 and 3.0 installed on servers.
    > Due to security reasons, we disable FTP and TELNET.
    > The servers only support SSH.
    >
    > We plan to create an account which can ONLY log in and
    > transfer data using scp or winscp on PC site (similar
    > to FTP function).
    >
    > Anyone know how to set it up on Redhat?

    One way to do this is to generate a key pair (ssh-keygen) for
    the user and add the public key to the .ssh/authorized_keys file
    with a forced command. Something like:

       command="scp -t _directory_" ssh-rsa AAAA...

    (replace _directory_ with the actual path).

    Using the private key they'll be able to scp files to the specified
    directory but not log in. For security you could protect the private
    key with a passphrase (*) and restrict the key's use to a specific host
    or domain:

       from="host.domain.net",command=....

    (*) This is more difficult if the scp is automated.

    Another way would be to give the user a shell which only allows
    them to use scp.

    -- 
    Ian
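
The forced-command approach from the reply above can be taken one step further with a wrapper that inspects what the client asked for. This is an added example, not part of the original message: the script path /usr/local/bin/scp-upload-only, the upload directory /srv/upload and the function name validate_scp_request are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): forced-command wrapper.
# Assumed authorized_keys entry; the script path is hypothetical:
#   command="/usr/local/bin/scp-upload-only",no-pty,no-port-forwarding ssh-rsa AAAA...
UPLOAD_DIR="${UPLOAD_DIR:-/srv/upload}"   # assumed upload directory

# Print the target and return 0 only for "scp [-v|-r|-p|-d]... -t TARGET"
# with TARGET at or below UPLOAD_DIR; return 1 for everything else.
validate_scp_request() {
    cmd=$1
    # Plain words only: no quotes, expansions, globs or command chaining.
    case $cmd in
        ''|*[!A-Za-z0-9_./\ -]*) return 1 ;;
    esac
    set -f; set -- $cmd; set +f        # split on whitespace, no globbing
    [ "$1" = scp ] || return 1
    shift
    sink=0
    while [ $# -gt 1 ]; do             # everything before the last word is a flag
        case $1 in
            -t) sink=1 ;;              # sink mode: the server receives files
            -v|-r|-p|-d) ;;
            *) return 1 ;;             # -f (download) and anything unknown
        esac
        shift
    done
    [ "$sink" -eq 1 ] || return 1
    case $1 in
        -*|*..*) return 1 ;;           # no option-like or parent-dir targets
        "$UPLOAD_DIR"|"$UPLOAD_DIR"/*) printf '%s\n' "$1" ;;
        *) return 1 ;;
    esac
}

# Act only when run as the installed wrapper; elsewhere this just defines
# the function above.
case $0 in */scp-upload-only)
    if validate_scp_request "${SSH_ORIGINAL_COMMAND:-}" >/dev/null; then
        set -f
        exec $SSH_ORIGINAL_COMMAND     # validated words only, no eval
    fi
    logger -t scp-upload-only "refused: ${SSH_ORIGINAL_COMMAND:-interactive login}"
    exit 1 ;;
esac
```

OpenSSH clients from 9.0 on use the SFTP protocol for scp by default and send `scp -t` only when run with `-O`, so a key restricted this way serves legacy-protocol clients. The path check is textual and does not resolve symlinks inside the upload directory.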