scp without permitting shell access, possible?
mouring at etoh.eviladmin.org
mouring at etoh.eviladmin.org
Fri Dec 15 14:29:11 EST 2000
On Thu, 14 Dec 2000, Jos Backus wrote:
> [My apologies if this question is deemed inappropriate for this list.]
>
> Using OpenSSH, is it possible for a program/script to copy files with known
> filenames from a remote server (running sshd), without allowing (interactive)
> ssh access to that server? I.e. ``ssh server ls'' or ``ssh server'' should not
> be possible (for security reasons), but ``scp server:file .'' should.
>
I don't see how you can do such a thing without changing how scp
works. (Which is scp would no longer spawn the user's interactive shell,
but either spawn /bin/sh w/ no .*rc files.)
I'd have to test it.. but you may be able to pull it off with
sftp-server. But I am not up on my 'subsystem' definations of SSH2.
- Ben
More information about the openssh-unix-dev
mailing list