On Mon, 4 Apr 2005, Rob Gallagher wrote:
> So I'm thinking it requires some kind of login shell; would
> somthing like rbash do the trick or could I lock it down even
> further with a script that only allows the scp command to be
> executed?
It needs a shell yes.
Note that you can specify in the public key which commands a key is
allowed to run. See man sshd and look at the 'AUTHORIZED_KEYS FILE
FORMAT'. specifying 'no-pty' in the key used might do what you want,
i'm not sure what command scp runs, but if its something distinctive,
specifying command='whatever-command-it-is' might help lock it down
too.
additionally, there are restricted shells, as kevin mentioned.
regards,
--
Paul Jakma paul at clubi.iepaul at jakma.org Key ID: 64A2FF6A
Fortune:
Good advice is something a man gives when he is too old to set a bad
example.
-- La Rouchefoucauld
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
