[scponly] V 4.0 allows ssh ??
Ralf Durkee
rd at rd1.net
Fri Dec 17 14:12:14 EST 2004
On Fri, Dec 17, 2004 at 01:33:23PM -0500, Terry Gliedt wrote:
> wby oblyr wrote:
> >It is worth mentioning that scp does not operate without ssh. If one were
> >to disable ssh completely, scponly would not function. ssh is just the
> >transport for commands like "scp".
> >
. . .
>
> Yes, I understand. What I was expecting (and now have cause I removed
> the code you reference below) is a 'shell' which only allows scp
> commands to work. One cannot get ssh to a destination host to work. I'll
> combine this with a special sshd using a particular port and iptables to
> control access and I'll have a reasonably safe mechanism to SCP data
> from one machine to another.
>
Sounds like you would be better off enabling only sftp, so that shell commands
would not be allowed. Only the cmds supported by the sftp-server.
You could then further restrict the commands allowed to sftp-server.
-- Ralf Durkee
http://rd1.net
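
An added example, not part of the original message or of scponly: a Python check that audits the global section of a dedicated sshd instance's config for the sftp-only setup suggested above, including the further restriction of sftp-server requests. It assumes a current OpenSSH (`internal-sftp` and the sftp-server `-R`/`-P`/`-p` options postdate this thread); port 2222, the sftp-server path and both sample configs are constructed.

```python
import os

# sshd defaults for directives that leave a non-sftp path open when unset
DEFAULTS = {"allowtcpforwarding": "yes", "x11forwarding": "no", "permittty": "yes"}
SFTP_SERVERS = {"internal-sftp", "sftp-server"}
RESTRICT_FLAGS = {"-R", "-P", "-p"}  # read-only, denied requests, allowed requests

def parse_global(text):
    """Return {directive: value} for the global section; first occurrence wins."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # assumption: only global settings are audited
            break
        cfg.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return cfg

def audit(text):
    """List the ways a login on this instance could do more than sftp."""
    cfg = parse_global(text)
    findings = []
    forced = cfg.get("forcecommand", "").split()
    if not forced or os.path.basename(forced[0]) not in SFTP_SERVERS:
        findings.append("ForceCommand does not pin sessions to an sftp server")
    elif not RESTRICT_FLAGS & set(forced[1:]):
        findings.append("sftp server runs with no request restriction (-R, -P or -p)")
    for key, default in DEFAULTS.items():
        if cfg.get(key, default).lower() != "no":
            findings.append(f"{key} is not 'no'")
    return findings

# CONSTRUCTED sample configs for a second sshd instance on its own port
WEAK = "Port 2222\nSubsystem sftp /usr/libexec/sftp-server\n"
HARDENED = """Port 2222
Subsystem sftp internal-sftp
ForceCommand internal-sftp -P remove,rmdir,setstat  # deny delete and chmod-style requests
AllowTcpForwarding no
X11Forwarding no
PermitTTY no
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "sftp-only")
```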