[scponly] using keys with scponly
Kaleb Pederson
kaleb.pederson at gmail.com
Sat Feb 2 17:41:00 EST 2008
I'm not sure I understand your question. Scponly will work fine with keys. In
fact, all the key authentication is done before scponly is invoked, so
scponly does not get in the way of key authentication.
You do, however, need to make sure that the .ssh config setup is secure, eg.
don't allow your scponly users to change it or they might do things that can
allow them to run arbitrary programs.
I use a script that creates the .ssh directories read-only so that they can
authenticate with keys (they provide me one) but can't change it. The other
option, which might be better depending on your needs, is to have sshd use a
directory that's outside the chroot for its config. Then you don't even have
to worry about the users changing it.
I hope that helps.
--Kaleb
On Saturday 02 February 2008, pettern k wrote:
> Hi
>
> Just started using scponly but i have one problem.
> Im using the same server for usuall SSH access with pubkeys and privkeys.
> Since scponly is using the same sshd service its using the same config
> file.
>
> So i need to either use scponly with keys or somehow
> make ssh and scponly use different config files.
>
> I have tried
> to add the authorized_keys as with other ssh accounts but it doesnt
> seem to work.
> When i allow for password authentication in the config file it works again.
>
> Does it work for the rest of you?
>
> cheers
> Pettern
More information about the scponly
mailing list