A colleague today asked for some guidance around setting up an SFTP and SCP only account on a RedHat based Linux machine. I sent him a collection of links, including one to the CopSSH project, and he implemented the code on that link, but then struggled when it didn't work.

Aside from the fact the shell wasn't copied into /etc/shells (which wasn't disastrous, but did mean we couldn't reuse it again later), it was still returning an error on each load. Doing some digging into it, and running some debugging, I noticed that pscp (the PuTTY SCP) tool uses the SFTP subsystem rather than the SCP command to upload files, so we need to also check that the SFTP server hasn't been called, instead of the SCP command, and also the SCP command needs to be corrected.

Here follows a script, complete with comments. Personally, I'd save this in /bin/sftponly, created and owned by root, and set to permissions 755 (rwxr-xr-x). Then, set the shell to this for each user which needs to do SFTP or SCP only.

#!/bin/
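The check described above, written out as an added example that is not the script from the original post: a restricted login shell that accepts only the SFTP subsystem (which is what pscp requests) and server-side scp. The two binary paths and the `classify` helper name are assumptions; the SFTP path has to match the `Subsystem sftp` line in sshd_config exactly.

```shell
#!/bin/sh
# Added example, not the script from the original post.
LC_ALL=C; export LC_ALL
set -f    # never glob: the command string is only ever split on spaces
SFTP_SERVER=/usr/libexec/openssh/sftp-server  # assumed; must equal "Subsystem sftp" in sshd_config
SCP_BIN=/usr/bin/scp                          # assumed location

# Print "sftp", "scp" or "deny" for the command string sshd passes after -c.
classify() {
    cmd=$1
    # pscp and other SFTP clients request the subsystem: exact match only.
    [ "$cmd" = "$SFTP_SERVER" ] && { echo sftp; return; }
    # Refuse empty strings and anything outside a small character set,
    # which rules out ; | & $ ` quotes and newlines before splitting.
    case $cmd in
        ""|*[!A-Za-z0-9_./\ -]*) echo deny; return ;;
    esac
    set -- $cmd
    [ "$1" = scp ] || { echo deny; return; }
    shift
    mode=0
    while [ $# -gt 1 ]; do      # every word but the last must be a known flag
        case $1 in
            -t|-f) mode=$((mode + 1)) ;;   # server side: -t receives, -f sends
            -r|-p|-d|-v) ;;
            *) echo deny; return ;;
        esac
        shift
    done
    # The last word is the path; it must exist and not look like an option.
    case ${1:-} in ""|-*) echo deny; return ;; esac
    [ "$mode" -eq 1 ] && echo scp || echo deny
}

# sshd starts the login shell as: <shell> -c '<command>'. Without -c
# (an interactive login) nothing below runs and the session simply ends.
if [ "${1:-}" = "-c" ]; then
    case $(classify "${2:-}") in
        sftp) exec "$SFTP_SERVER" ;;
        scp)  set -- $2; shift; exec "$SCP_BIN" "$@" ;;
        *)    echo "This account is restricted to SFTP and SCP." >&2; exit 1 ;;
    esac
fi
```

File names containing spaces or quotes are refused by design, because the command string is split into words and executed directly rather than being re-evaluated by a shell.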
2011-09-17