Security Basics mailing list archives
Re: openssh public Key Athentication - with restrickted login shell
From: Phillip Macey <phillip.macey () cisra canon com au>
Date: Wed, 11 Nov 2009 09:30:30 +1100
Jannis Kafkoulas wrote:
> Hi, I'd like to use scp to transfer data to a Linux box out of a perl script using public key authentication (with no passphrase :-( ). As long as the used userid has a regular account on that server everything works fine.
> But for higher security I'd like the user not to be able to login, so I gave him a "nologin shell" in the /etc/passwd. In this case it's also impossible to authenticate as before.
> So I thought it should be a working but restricted "login shell", which is sufficient enough for that user to complete the authentication and to do its scp file transfer, nothing else. Any idea?

Specify a command for that public key to run on connection. I use something like this on some of my machines to allow a particular key to only scp a particular file.

    command="sh -c 'scp -t /home/username/filename'" ssh-dss ABCD....ufHlMaTj7= my openssh public key

You can find out exactly what command you need to use in authorized_keys by running 'scp -v' on the client side. One of the things it prints out is the name of the command that it is trying to run. I have not set the login shell for my username to nologin but I would presume that you should be able to do that and still have the scp working.
-- Thanks, Phill Macey (CiSRA IT Services)
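
A variant of the forced-command approach from this message, added here as an example and not part of the original post: a wrapper script that compares the command the client requested (the one `scp -v` prints) against the single permitted upload and logs anything else. The script path `/usr/local/bin/scp-only`, the function names and the extra `authorized_keys` options are assumptions of this example; the target path is the one from the post, and it assumes the client speaks the legacy scp protocol.

```sh
#!/bin/sh
# Added example: forced-command wrapper, installed at the hypothetical
# path /usr/local/bin/scp-only and referenced from authorized_keys as
# (key material elided exactly as in the post):
#   command="/usr/local/bin/scp-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-dss ABCD.... comment

ALLOWED_TARGET="/home/username/filename"   # the one file this key may write

# Return 0 only if the client asked for exactly the permitted upload.
# "scp -v -t" is what a client started with 'scp -v' sends.
is_allowed() {
    case "$1" in
        "scp -t $ALLOWED_TARGET"|"scp -v -t $ALLOWED_TARGET") return 0 ;;
        *) return 1 ;;
    esac
}

# Print "run" or "deny" for a requested command string.
decide() {
    if is_allowed "$1"; then echo run; else echo deny; fi
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND when a
# forced command is configured. A login with no command leaves it unset;
# the script then simply ends and the session closes.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if [ "$(decide "$SSH_ORIGINAL_COMMAND")" = run ]; then
        # Run a fixed command line; never execute the client's string.
        exec scp -t "$ALLOWED_TARGET"
    fi
    logger -t scp-only "denied request: $SSH_ORIGINAL_COMMAND"
    echo "This key may only upload $ALLOWED_TARGET" >&2
    exit 1
fi
```

Because the forced command runs whether or not the account's login shell is interactive-friendly, the denial log gives a record of any attempt to use the passphrase-less key for something other than the intended transfer.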