Red Hat Configuration - Newbie question over ssh/sftp

This is Interesting: Free IT Magazines  
Home > Archive > Red Hat Configuration > January 2004 > Newbie question over ssh/sftp





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Newbie question over ssh/sftp
Dennis Peere

2004-01-23, 7:24 pm

Dear all,
I've got the following packages installed on my RH8.0 system :
package openssh-3.4p1-2.i386.rpm
package openssh-askpass-3.4p1-2.i386.rpm
package openssh-askpass-gnome-3.4p1-2.i386.rpm
package openssh-clients-3.4p1-2.i386.rpm
package openssh-server-3.4p1-2.i386.rpm
Ik can connect to the sshd with all local linux users I've created and I'd
like to keep it that way.
However I'd like only one user (marc) to be able to connect for scp/sftp.
When I add AllowUsers marc to the /etc/sshd.config, this means only marc
gets ssh access as well :-(
How can I configure seperate users for scp/sftp and ssh please ?
Regards,
Dennis



Alexander Dalloz

2004-01-23, 7:25 pm

On Thu, 15 Jan 2004 09:46:02 +0100 Dennis Peere wrote:
quote:

> Dear all,
> I've got the following packages installed on my RH8.0 system :
> package openssh-3.4p1-2.i386.rpm
> package openssh-askpass-3.4p1-2.i386.rpm
> package openssh-askpass-gnome-3.4p1-2.i386.rpm
> package openssh-clients-3.4p1-2.i386.rpm
> package openssh-server-3.4p1-2.i386.rpm
> Ik can connect to the sshd with all local linux users I've created and I'd
> like to keep it that way.
> However I'd like only one user (marc) to be able to connect for scp/sftp.
> When I add AllowUsers marc to the /etc/sshd.config, this means only marc
> gets ssh access as well :-(
> How can I configure seperate users for scp/sftp and ssh please ?
> Regards,
> Dennis


Try scponly -> http://www.sublimation.org/scponly/

Alexander


--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653

Alexander Dalloz

2004-01-23, 7:25 pm

On Thu, 15 Jan 2004 09:46:02 +0100 Dennis Peere wrote:
quote:

> Dear all,
> I've got the following packages installed on my RH8.0 system :
> package openssh-3.4p1-2.i386.rpm
> package openssh-askpass-3.4p1-2.i386.rpm
> package openssh-askpass-gnome-3.4p1-2.i386.rpm
> package openssh-clients-3.4p1-2.i386.rpm
> package openssh-server-3.4p1-2.i386.rpm
> Ik can connect to the sshd with all local linux users I've created and I'd
> like to keep it that way.
> However I'd like only one user (marc) to be able to connect for scp/sftp.
> When I add AllowUsers marc to the /etc/sshd.config, this means only marc
> gets ssh access as well :-(
> How can I configure seperate users for scp/sftp and ssh please ?
> Regards,
> Dennis


Try scponly -> http://www.sublimation.org/scponly/

Alexander


--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653

Alexander Dalloz

2004-01-23, 7:25 pm

On Thu, 15 Jan 2004 09:46:02 +0100 Dennis Peere wrote:
quote:

> Dear all,
> I've got the following packages installed on my RH8.0 system :
> package openssh-3.4p1-2.i386.rpm
> package openssh-askpass-3.4p1-2.i386.rpm
> package openssh-askpass-gnome-3.4p1-2.i386.rpm
> package openssh-clients-3.4p1-2.i386.rpm
> package openssh-server-3.4p1-2.i386.rpm
> Ik can connect to the sshd with all local linux users I've created and I'd
> like to keep it that way.
> However I'd like only one user (marc) to be able to connect for scp/sftp.
> When I add AllowUsers marc to the /etc/sshd.config, this means only marc
> gets ssh access as well :-(
> How can I configure seperate users for scp/sftp and ssh please ?
> Regards,
> Dennis


Try scponly -> http://www.sublimation.org/scponly/

Alexander


--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653

David Efflandt

2004-01-23, 7:25 pm

On Thu, 15 Jan 2004 09:46:02 +0100, Dennis Peere <sycrontw@hotmail.com> wrote:
quote:

> Dear all,
> I've got the following packages installed on my RH8.0 system :
> package openssh-3.4p1-2.i386.rpm
> package openssh-askpass-3.4p1-2.i386.rpm
> package openssh-askpass-gnome-3.4p1-2.i386.rpm
> package openssh-clients-3.4p1-2.i386.rpm
> package openssh-server-3.4p1-2.i386.rpm
> Ik can connect to the sshd with all local linux users I've created and I'd
> like to keep it that way.
> However I'd like only one user (marc) to be able to connect for scp/sftp.
> When I add AllowUsers marc to the /etc/sshd.config, this means only marc
> gets ssh access as well :-(
> How can I configure seperate users for scp/sftp and ssh please ?


I do not understand why it would matter. If they have ssh (shell) access
then they could use other methods to move data to or from that system if
scp/sftp were not available. So it would not help anything from a
security standpoint to allow ssh and disallow scp/sftp, unless a user is
totally clueless.

--
David Efflandt - All spam ignored http://www.de-srv.com/
David Efflandt

2004-01-23, 7:25 pm

On Thu, 15 Jan 2004 09:46:02 +0100, Dennis Peere <sycrontw@hotmail.com> wrote:
quote:

> Dear all,
> I've got the following packages installed on my RH8.0 system :
> package openssh-3.4p1-2.i386.rpm
> package openssh-askpass-3.4p1-2.i386.rpm
> package openssh-askpass-gnome-3.4p1-2.i386.rpm
> package openssh-clients-3.4p1-2.i386.rpm
> package openssh-server-3.4p1-2.i386.rpm
> Ik can connect to the sshd with all local linux users I've created and I'd
> like to keep it that way.
> However I'd like only one user (marc) to be able to connect for scp/sftp.
> When I add AllowUsers marc to the /etc/sshd.config, this means only marc
> gets ssh access as well :-(
> How can I configure seperate users for scp/sftp and ssh please ?


I do not understand why it would matter. If they have ssh (shell) access
then they could use other methods to move data to or from that system if
scp/sftp were not available. So it would not help anything from a
security standpoint to allow ssh and disallow scp/sftp, unless a user is
totally clueless.

--
David Efflandt - All spam ignored http://www.de-srv.com/
David Efflandt

2004-01-23, 7:25 pm

On Thu, 15 Jan 2004 09:46:02 +0100, Dennis Peere <sycrontw@hotmail.com> wrote:
quote:

> Dear all,
> I've got the following packages installed on my RH8.0 system :
> package openssh-3.4p1-2.i386.rpm
> package openssh-askpass-3.4p1-2.i386.rpm
> package openssh-askpass-gnome-3.4p1-2.i386.rpm
> package openssh-clients-3.4p1-2.i386.rpm
> package openssh-server-3.4p1-2.i386.rpm
> Ik can connect to the sshd with all local linux users I've created and I'd
> like to keep it that way.
> However I'd like only one user (marc) to be able to connect for scp/sftp.
> When I add AllowUsers marc to the /etc/sshd.config, this means only marc
> gets ssh access as well :-(
> How can I configure seperate users for scp/sftp and ssh please ?


I do not understand why it would matter. If they have ssh (shell) access
then they could use other methods to move data to or from that system if
scp/sftp were not available. So it would not help anything from a
security standpoint to allow ssh and disallow scp/sftp, unless a user is
totally clueless.

--
David Efflandt - All spam ignored http://www.de-srv.com/
Troy Piggins

2004-01-23, 7:25 pm

"Dennis Peere" <sycrontw@hotmail.com> wrote in message
news:40065346$0$1159$ba620e4c@news.skynet.be...
quote:

> Dear all,
> I've got the following packages installed on my RH8.0 system :
> package openssh-3.4p1-2.i386.rpm
> package openssh-askpass-3.4p1-2.i386.rpm
> package openssh-askpass-gnome-3.4p1-2.i386.rpm
> package openssh-clients-3.4p1-2.i386.rpm
> package openssh-server-3.4p1-2.i386.rpm
> Ik can connect to the sshd with all local linux users I've created

and I'd
quote:

> like to keep it that way.
> However I'd like only one user (marc) to be able to connect for

scp/sftp.
quote:

> When I add AllowUsers marc to the /etc/sshd.config, this means

only marc
quote:

> gets ssh access as well :-(
> How can I configure seperate users for scp/sftp and ssh please ?
> Regards,
> Dennis


What about adding entries in /etc/hosts.allow and /etc/hosts.deny?
--
T R O Y P I G G I N S
e : troy@piggo.com


Troy Piggins

2004-01-23, 7:25 pm

"Dennis Peere" <sycrontw@hotmail.com> wrote in message
news:40065346$0$1159$ba620e4c@news.skynet.be...
quote:

> Dear all,
> I've got the following packages installed on my RH8.0 system :
> package openssh-3.4p1-2.i386.rpm
> package openssh-askpass-3.4p1-2.i386.rpm
> package openssh-askpass-gnome-3.4p1-2.i386.rpm
> package openssh-clients-3.4p1-2.i386.rpm
> package openssh-server-3.4p1-2.i386.rpm
> Ik can connect to the sshd with all local linux users I've created

and I'd
quote:

> like to keep it that way.
> However I'd like only one user (marc) to be able to connect for

scp/sftp.
quote:

> When I add AllowUsers marc to the /etc/sshd.config, this means

only marc
quote:

> gets ssh access as well :-(
> How can I configure seperate users for scp/sftp and ssh please ?
> Regards,
> Dennis


What about adding entries in /etc/hosts.allow and /etc/hosts.deny?
--
T R O Y P I G G I N S
e : troy@piggo.com


Troy Piggins

2004-01-23, 7:25 pm

"Dennis Peere" <sycrontw@hotmail.com> wrote in message
news:40065346$0$1159$ba620e4c@news.skynet.be...
quote:

> Dear all,
> I've got the following packages installed on my RH8.0 system :
> package openssh-3.4p1-2.i386.rpm
> package openssh-askpass-3.4p1-2.i386.rpm
> package openssh-askpass-gnome-3.4p1-2.i386.rpm
> package openssh-clients-3.4p1-2.i386.rpm
> package openssh-server-3.4p1-2.i386.rpm
> Ik can connect to the sshd with all local linux users I've created

and I'd
quote:

> like to keep it that way.
> However I'd like only one user (marc) to be able to connect for

scp/sftp.
quote:

> When I add AllowUsers marc to the /etc/sshd.config, this means

only marc
quote:

> gets ssh access as well :-(
> How can I configure seperate users for scp/sftp and ssh please ?
> Regards,
> Dennis


What about adding entries in /etc/hosts.allow and /etc/hosts.deny?
--
T R O Y P I G G I N S
e : troy@piggo.com


Dennis Peere

2004-01-23, 7:25 pm


"Troy Piggins" <troy@piggo.com> wrote in message
news:fd4Pb.19617$Wa.938@news-server.bigpond.net.au...
quote:

> "Dennis Peere" <sycrontw@hotmail.com> wrote in message
> news:40065346$0$1159$ba620e4c@news.skynet.be...
> and I'd
> scp/sftp.
> only marc
>
> What about adding entries in /etc/hosts.allow and /etc/hosts.deny?
> --
> T R O Y P I G G I N S
> e : troy@piggo.com
>
>

I needed user based authentication but it seems you cant allow all users to
ssh and limit the sftp/scp users :-(
Thnx anyway.

Dennis


Dennis Peere

2004-01-23, 7:25 pm


"Troy Piggins" <troy@piggo.com> wrote in message
news:fd4Pb.19617$Wa.938@news-server.bigpond.net.au...
quote:

> "Dennis Peere" <sycrontw@hotmail.com> wrote in message
> news:40065346$0$1159$ba620e4c@news.skynet.be...
> and I'd
> scp/sftp.
> only marc
>
> What about adding entries in /etc/hosts.allow and /etc/hosts.deny?
> --
> T R O Y P I G G I N S
> e : troy@piggo.com
>
>

I needed user based authentication but it seems you cant allow all users to
ssh and limit the sftp/scp users :-(
Thnx anyway.

Dennis


Dennis Peere

2004-01-23, 7:25 pm


"Troy Piggins" <troy@piggo.com> wrote in message
news:fd4Pb.19617$Wa.938@news-server.bigpond.net.au...
quote:

> "Dennis Peere" <sycrontw@hotmail.com> wrote in message
> news:40065346$0$1159$ba620e4c@news.skynet.be...
> and I'd
> scp/sftp.
> only marc
>
> What about adding entries in /etc/hosts.allow and /etc/hosts.deny?
> --
> T R O Y P I G G I N S
> e : troy@piggo.com
>
>

I needed user based authentication but it seems you cant allow all users to
ssh and limit the sftp/scp users :-(
Thnx anyway.

Dennis


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com