[scponly] logging control

Kaleb Pederson kaleb.pederson at gmail.com
Wed Apr 1 12:58:33 EDT 2009


On Wed, Apr 1, 2009 at 9:00 AM, Christopher Barry
<christopher.barry at qlogic.com> wrote:

[...snip...]
> Anyone have a chance to chew on this? Are there some docs/posts I've missed that I should read first?

My response yesterday should reference enough documentation that you
can figure this out.

> Thought I'd go ahead and mention that I am writing a management application around scponly that controls chrooted sites, utilizing a key-based authentication scheme only - no passwords. It's called sftp-manager.
>
> The organization is around the 'partner', who is the username used to access the site, and the Linux user. But the real 'user' is simply an email address/keypair combination. Users are tracked and maintained by their email address and key fingerprint.
>
> A single key can allow access to any number of sites. The primary use of this app is to maintain and control a support environment where the 'partner' is a partner company, and the users are employees of that company or local support engineers. This way there are no shared passwords, and an individual can be removed from a site easily without making everyone change their passwords to maintain security.
>
> So far it's working incredibly well, but it's got a way to go yet. Getting meaningful audit data is what this post is trying to help facilitate.

I created a suite of shell scripts for user, group, and chroot
management at a company I worked for about five years ago.  Overall,
it worked great and they're still using them.  I hope you end up with
something generically useful.

Thanks.

--Kaleb
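
The scheme described in the quoted message (users identified by email address and key fingerprint, individuals removable without affecting anyone else), as an added example that is not part of the original thread and is not sftp-manager's code. It assumes each partner account's `authorized_keys` carries the user's email as the key comment, and that sshd logs the key in the current OpenSSH `SHA256:` fingerprint format; the key blobs, addresses and log line are constructed samples.

```python
import base64, hashlib, re, struct

KEY_RE = re.compile(r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-\S+)\s+(\S+)\s*(.*)")
FP_RE = re.compile(r"SHA256:[A-Za-z0-9+/]{43}")

def make_blob(seed):
    """Constructed sample only: an ed25519-shaped blob, not a usable key."""
    raw = hashlib.sha256(seed.encode()).digest()
    wire = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return base64.b64encode(wire).decode()

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def index_keys(text):
    """Map fingerprint -> email (assumption: the key comment is the email)."""
    index = {}
    for line in text.splitlines():
        m = None if line.lstrip().startswith("#") else KEY_RE.search(line)
        if m:  # search() tolerates an options prefix such as no-pty
            index[fingerprint(m.group(2))] = m.group(3).strip()
    return index

def attribute(log_line, index):
    """Resolve the fingerprint in an sshd log line to a person, or None."""
    m = FP_RE.search(log_line)
    return index.get(m.group(0)) if m else None

def revoke(text, email):
    """Drop only this person's key lines; every other key stays in place."""
    kept = []
    for line in text.splitlines():
        m = None if line.lstrip().startswith("#") else KEY_RE.search(line)
        if not (m and m.group(3).strip() == email):
            kept.append(line)
    return "\n".join(kept) + "\n"

SAMPLE = (  # constructed authorized_keys for a hypothetical 'partnerco' account
    "# partnerco site\n"
    f"ssh-ed25519 {make_blob('alice')} alice@example.com\n"
    f"no-pty,no-port-forwarding ssh-ed25519 {make_blob('bob')} bob@example.com\n"
)

if __name__ == "__main__":
    log = ("Accepted publickey for partnerco from 192.0.2.10 port 50022 "
           "ssh2: ED25519 " + fingerprint(make_blob("bob")))  # constructed
    print(attribute(log, index_keys(SAMPLE)))
    print(attribute(log, index_keys(revoke(SAMPLE, "bob@example.com"))))
```

Keeping revoked fingerprints in a separate archive index would let older log lines still resolve to a person after the key is removed.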


