[scponly] ssh and scponly related query.

Benjamin Donnachie benjamin at pythagoras.no-ip.org
Thu Sep 15 18:54:46 EDT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Benjamin Donnachie wrote:
>>The answer to the above question depends on the OS and the way you
>>disable the password.  

> I'm currently using Fedora Core 3 - I'll have a look when I get back on 
> site.

Excellent news - it works perfectly! :-)

All I needed to do was use useradd specifying the environment I wanted,
thus giving /etc/passwd (for example):

ben2:x:666:666:Existing acc:/home/ben//:/usr/local/sbin/scponlyc
ben1:x:666:666:New duplicated shell account:/home/ben/:/bin/bash

useradd automatically creates an entry in /etc/shadow with a disabled
password:

ben1:!!:0:0:99999:7:::

Thus you can login to the account ben2 and perform file transfers using
password authentication or public key authentication, but you can only
into account ben1, with shell access, using public key authentication!
Perfect! :-)

Many thanks for your help!

Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQIVAwUBQyn7tOgNmph0Y1E2AQIOSQ/9GcH0FT8p+iPGNcm7Y9+ArGB+E37vwLSy
Gzzl200rCkFmBFFfxgmTPuz/CCmsRnsb7sLslOBaXXqnVD6aB4Ykd98NnhMDZmYO
aQNZ1oPJXKEpizKbgAtXnIoAePPHfeeNOXGl91WptSAHZ8vY4flNHTCeet2+Zopb
bKkuqb5f7ORKuoIzAMK1NHNsT0u8EYsyaEALYiy1pjBHF9sfF/MXeIh0qJ/Crrrr
KG9iTcDLCC3FItAcZ5isQ9+vG4Mf3fRXwDRMGkPl3gu5Tc/bW5xJwXF7NFLDEz12
vawoa0O7AaJNf/vhfnLNJ0Ug8fRPxbVeGA/6YSSOxLixBybF8Ki0yNlK6QeDPhTi
wUQDmxAZ1gbgLDHKcshYdTDMGqUiOZt5GkmHUhq0qqd7o12cn1nhvf/fvVJpWkyb
QibhyAYorB7SjiiieQPZzYkPowMxYwXWSMyPf4rAgYp4iQZj4zUqogDMT2SVrG5m
I1bNx2YEZJLrc1JosLS52v0mhGxy3wrLl7rMvDocHXEwRSdGeZbivpP4XeDj3BjI
JbtqGjgEdk8BLgTSba07rVkBWohZH9Fpz4Q67VJi78ueNuUoCNccTrpivJIupaDK
Yl2ZVGAC043I3GJQ0Li17Ic1Kxro9TzqMtsY9njR0iwBLn3n8pNx5f8xiQ3Mc6H/
a2Y+MDtSnHw=
=TOtU
-----END PGP SIGNATURE-----



More information about the scponly mailing list