[scponly] ssh and scponly related query.
Benjamin Donnachie
benjamin at pythagoras.no-ip.org
Thu Sep 15 15:35:45 EDT 2005
"J.D. Baldwin" <baldwin at panix.com> wrote:
>> Though this might not matter as ben2 could remain chroot'ed with scp as
>> its shell and ben1 be "un-chrooted" with bash... Do you know whether
>> public key authentication will work even if a user's password is
>> disabled? (Unfortunately, I'm off site at the moment so can't check)
>> As, if so, this would be an ideal solution! :-)
>The answer to the above question depends on the OS and the way you
>disable the password.
I'm currently using Fedora Core 3 - I'll have a look when I get back on
site.
>Solaris 9/10 have fixed some irritating deficiencies in their password-
>disabling methods. If the password is *locked* -- e.g., "*LK*" in the
>shadow file, OpenSSH won't let you log in even with a key. If the
>password is "no password" -- e.g., "NP" in the shadow file, you'll be
>allowed in as long as you have some way of authenticating without a
>password.
I shall keep my fingers crossed! :-)
>Another option would be to use the AuthorizedKeysFile directive in
>sshd_config to give ben1 a key while ben2 gets none and therefore has
>to use a password.
It doesn't matter if both the file transfer and full shell account both use
public key authentication; however, I don't want the full shell account
using passwords.
Many thanks for your help - I'll let you know how things go when I get back
on site! :)
Take care,
--
Benjamin
benjamin at pythagoras.no-ip.org
More information about the scponly
mailing list