On 11 Jan 2002, at 0:06, martin f krafft wrote:
>
> --+xNpyl7Qekk2NvDX
> Content-Type: text/plain; charset=iso-8859-15
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> also sprach Marcel Hicking <[EMAIL PROTECTED]>
> [2002.01.10.1646 +0100]: > /bin/true will log you
On 11 Jan 2002, at 0:06, martin f krafft wrote:
>
> --+xNpyl7Qekk2NvDX
> Content-Type: text/plain; charset=iso-8859-15
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> also sprach Marcel Hicking <[EMAIL PROTECTED]>
> [2002.01.10.1646 +0100]: > /bin/true will log you
also sprach Marcel Hicking <[EMAIL PROTECTED]> [2002.01.10.1646 +0100]:
> /bin/true will log you out right away,
> and therefore you cannot start scp.
> I've doublechecked this yesterday, and
> even tried to put "exit " into the .bashrc
> *This* did work fine, no ssh anymore, but scp
> works. But!
also sprach Marcel Hicking <[EMAIL PROTECTED]> [2002.01.10.1646 +0100]:
> What about sftp?
> Clients should be available by now. I mean,
> Windooze clients ;-)
> As secure as scp, as restricted as ftp.
but you still need to enable a shell and ssh, because sftp does nothing
else but pipe over ssh..
also sprach Marcel Hicking <[EMAIL PROTECTED]> [2002.01.10.1646 +0100]:
> /bin/true will log you out right away,
> and therefore you cannot start scp.
> I've doublechecked this yesterday, and
> even tried to put "exit " into the .bashrc
> *This* did work fine, no ssh anymore, but scp
> works. But!
also sprach Marcel Hicking <[EMAIL PROTECTED]> [2002.01.10.1646 +0100]:
> What about sftp?
> Clients should be available by now. I mean,
> Windooze clients ;-)
> As secure as scp, as restricted as ftp.
but you still need to enable a shell and ssh, because sftp does nothing
else but pipe over ssh.
On Thu, Jan 10, 2002 at 04:46:26PM +0100, Marcel Hicking wrote:
> No way.
> /bin/true will log you out right away,
> and therefore you cannot start scp.
> I've doublechecked this yesterday, and
> even tried to put "exit " into the .bashrc
> *This* did work fine, no ssh anymore, but scp
> works. But
nd rm to remove it.
So I'd say: No way, indeed.
Cheers, Marcel
On 9 Jan 2002, at 21:19, Tim Quinlan wrote:
> how about setting the user's shell to /bin/true. this
> allows ftp, but no login shell. so it may work for scp as
> well.
>
> -- Forwarded Message
ay work for scp as
> well.
>
> -- Forwarded Message ----------
> Subject: scp, no ssh
> Date: Wed, 9 Jan 2002 09:49:10 +0100
> From: Robert Janusz <[EMAIL PROTECTED]>
> To: debian-isp@lists.debian.org
>
>
> How to allow, for some users' IPs, only
What about setting rbash as login shell and then PATH=/usr/local/bin
in .bash_profile and then ln -s /usr/bin/scp /usr/local/bin/scp and
and and then chattr +i .bash_profile
That is what i do and it works ( as far as i know .. )
--
__
On Thu, Jan 10, 2002 at 04:46:26PM +0100, Marcel Hicking wrote:
> No way.
> /bin/true will log you out right away,
> and therefore you cannot start scp.
> I've doublechecked this yesterday, and
> even tried to put "exit " into the .bashrc
> *This* did work fine, no ssh anymore, but scp
> works. Bu
nd rm to remove it.
So I'd say: No way, indeed.
Cheers, Marcel
On 9 Jan 2002, at 21:19, Tim Quinlan wrote:
> how about setting the user's shell to /bin/true. this
> allows ftp, but no login shell. so it may work for scp as
> well.
>
> -- Forwarded Message
ay work for scp as
> well.
>
> -- Forwarded Message ----------
> Subject: scp, no ssh
> Date: Wed, 9 Jan 2002 09:49:10 +0100
> From: Robert Janusz <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
>
>
> How to allow, for some users' IPs, only scp an
What about setting rbash as login shell and then PATH=/usr/local/bin
in .bash_profile and then ln -s /usr/bin/scp /usr/local/bin/scp and
and and then chattr +i .bash_profile
That is what i do and it works ( as far as i know .. )
--
__
Hi,
Found something which looks like it might do the trick:
http://www.sublimation.org/scponly/
Haven't tried it myself, though...
Regards,
Bennet
On Thu, 2002-01-10 at 05:51, Jeff Norman wrote:
>
> Now, the trick is to replace bob's shell with a (perl?) script that
> takes -c argument passed
also sprach Joel Michael <[EMAIL PROTECTED]> [2002.01.10.0323 +0100]:
> This is true, but you can still (probably) use ssh to execute commands,
> like /bin/sh, and effectively get a shell.
that's not possible either. try it.
--
martin; (greetings from the heart of the sun.)
\
also sprach Gernot Glawe <[EMAIL PROTECTED]> [2002.01.10.0905 +0100]:
> What about setting ssh and scp to a diffenrent user an make appropiate
> sudo settings ?
and how do you want to get that working remotely? i supposed you could
create a shell script scp and a shell script ssh that would call
s
also sprach Tim Quinlan <[EMAIL PROTECTED]> [2002.01.10.0319 +0100]:
> how about setting the user's shell to /bin/true. this allows ftp, but no
> login shell. so it may work for scp as well.
nope. as i said, scp uses ssh and needs a shell
--
martin; (greetings from the heart of t
Hi,
Found something which looks like it might do the trick:
http://www.sublimation.org/scponly/
Haven't tried it myself, though...
Regards,
Bennet
On Thu, 2002-01-10 at 05:51, Jeff Norman wrote:
>
> Now, the trick is to replace bob's shell with a (perl?) script that
> takes -c argument passe
What about setting ssh and scp to a diffenrent user an make appropiate sudo
settings ?
> Resent-Sender: [EMAIL PROTECTED]
> Resent-Bcc:
> Resent-Date: Thu, 10 Jan 2002 03:24:06 +0100
>
> On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote:
> > how about setting the user's shell to /bin/true. this al
also sprach Joel Michael <[EMAIL PROTECTED]> [2002.01.10.0323 +0100]:
> This is true, but you can still (probably) use ssh to execute commands,
> like /bin/sh, and effectively get a shell.
that's not possible either. try it.
--
martin; (greetings from the heart of the sun.)
\
also sprach Gernot Glawe <[EMAIL PROTECTED]> [2002.01.10.0905 +0100]:
> What about setting ssh and scp to a diffenrent user an make appropiate
> sudo settings ?
and how do you want to get that working remotely? i supposed you could
create a shell script scp and a shell script ssh that would call
also sprach Tim Quinlan <[EMAIL PROTECTED]> [2002.01.10.0319 +0100]:
> how about setting the user's shell to /bin/true. this allows ftp, but no
> login shell. so it may work for scp as well.
nope. as i said, scp uses ssh and needs a shell
--
martin; (greetings from the heart of
What about setting ssh and scp to a diffenrent user an make appropiate sudo settings ?
> Resent-Sender: [EMAIL PROTECTED]
> Resent-Bcc:
> Resent-Date: Thu, 10 Jan 2002 03:24:06 +0100
>
> On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote:
> > how about setting the user's shell to /bin/true. this al
On Wed, 2002-01-09 at 21:23, Joel Michael wrote:
> On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote:
> > how about setting the user's shell to /bin/true. this allows ftp, but no
> > login shell. so it may work for scp as well.
> >
> This is true, but you can still (probably) use ssh to execute co
On Wednesday 09 January 2002 21:23, Joel Michael wrote:
> On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote:
> > how about setting the user's shell to /bin/true. this allows ftp, but no
> > login shell. so it may work for scp as well.
>
> This is true, but you can still (probably) use ssh to execute
On Wed, 2002-01-09 at 21:23, Joel Michael wrote:
> On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote:
> > how about setting the user's shell to /bin/true. this allows ftp, but no
> > login shell. so it may work for scp as well.
> >
> This is true, but you can still (probably) use ssh to execute c
On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote:
> how about setting the user's shell to /bin/true. this allows ftp, but no
> login shell. so it may work for scp as well.
>
This is true, but you can still (probably) use ssh to execute commands,
like /bin/sh, and effectively get a shell.
--
Joel
how about setting the user's shell to /bin/true. this allows ftp, but no
login shell. so it may work for scp as well.
-- Forwarded Message --
Subject: scp, no ssh
Date: Wed, 9 Jan 2002 09:49:10 +0100
From: Robert Janusz <[EMAIL PROTECTED]>
To: debian-isp@lists
On Wednesday 09 January 2002 21:23, Joel Michael wrote:
> On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote:
> > how about setting the user's shell to /bin/true. this allows ftp, but no
> > login shell. so it may work for scp as well.
>
> This is true, but you can still (probably) use ssh to execut
On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote:
> how about setting the user's shell to /bin/true. this allows ftp, but no
> login shell. so it may work for scp as well.
>
This is true, but you can still (probably) use ssh to execute commands,
like /bin/sh, and effectively get a shell.
--
Joe
how about setting the user's shell to /bin/true. this allows ftp, but no
login shell. so it may work for scp as well.
-- Forwarded Message --
Subject: scp, no ssh
Date: Wed, 9 Jan 2002 09:49:10 +0100
From: Robert Janusz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTE
On Wed, Jan 09, 2002 at 02:38:30PM +0100, martin f krafft wrote:
> also sprach Robert Janusz <[EMAIL PROTECTED]> [2002.01.09.0949 +0100]:
> > How to allow, for some users' IPs, only scp and no ssh?
>
> i don't think you can, since scp actually uses ssh as its backend...
You're right. This is not
also sprach Robert Janusz <[EMAIL PROTECTED]> [2002.01.09.0949 +0100]:
> How to allow, for some users' IPs, only scp and no ssh?
you *could* disable their passwords, give them DSA identities, and use
the authorized_keys file to specify that this identity may only run the
scp command...
--
martin
also sprach Robert Janusz <[EMAIL PROTECTED]> [2002.01.09.0949 +0100]:
> How to allow, for some users' IPs, only scp and no ssh?
i don't think you can, since scp actually uses ssh as its backend...
--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^."<*>"|tr "
On Wed, Jan 09, 2002 at 02:38:30PM +0100, martin f krafft wrote:
> also sprach Robert Janusz <[EMAIL PROTECTED]> [2002.01.09.0949 +0100]:
> > How to allow, for some users' IPs, only scp and no ssh?
>
> i don't think you can, since scp actually uses ssh as its backend...
You're right. This is not
also sprach Robert Janusz <[EMAIL PROTECTED]> [2002.01.09.0949 +0100]:
> How to allow, for some users' IPs, only scp and no ssh?
you *could* disable their passwords, give them DSA identities, and use
the authorized_keys file to specify that this identity may only run the
scp command...
--
marti
also sprach Robert Janusz <[EMAIL PROTECTED]> [2002.01.09.0949 +0100]:
> How to allow, for some users' IPs, only scp and no ssh?
i don't think you can, since scp actually uses ssh as its backend...
--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^."<*>"|tr
How to allow, for some users' IPs, only scp and no ssh?
How to allow, for some users' IPs, only scp and no ssh?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
40 matches
Mail list logo