[scponly] ssh and scponly related query.
Benjamin Donnachie
benjamin at pythagoras.no-ip.org
Thu Sep 15 14:48:26 EDT 2005
"J.D. Baldwin" <baldwin at panix.com> wrote:
>Create two UNIX users, let's say ben1 and ben2. Both will be defined
>with the same home directory and UID, and the same group membership.
>In ~ben1/.ssh/authorized_keys are your public keys for authentication.
>There is no ~/ben2/.ssh/authorized_keys file.
My understanding is that OpenSSH looks in the ~/.ssh directory for it's
config files - so if both users have the same home directory, they'll both
have the same .ssh/authorized_keys file... :-/
>Now you can do uploads/downloads with the ben2 account and its
>password, but you can shell in to ben1 with your key.
Though this might not matter as ben2 could remain chroot'ed with scp as its
shell and ben1 be "un-chrooted" with bash... Do you know whether public
key authentication will work even if a user's password is disabled?
(Unfortunately, I'm off site at the moment so can't check) As, if so, this
would be an ideal solution! :-)
Take care,
--
Benjamin
benjamin at pythagoras.no-ip.org
More information about the scponly
mailing list