[lug] Cracking attempts via SSH (somewhat OT)

David Anselmi anselmi at anselmi.us
Thu Sep 9 19:08:01 MDT 2004


Ben Luey wrote:
> On the subject of ssh logins and security, I'm trying to reduce the number
> of accounts that have remote ssh access to a server, and so I installed
> scponly.  Scponly gives users scp / sftp access but no shell access and
> chroots to their home directory. This is great, but I would like some
> users to have ssh login access from inside our firewall, but because
> scponly is installed as their shell, I don't know how to do this. Is it
> possible to somehow have a host specific shell?

The authorized keys file might do this.  You can specify hosts that are 
allowed or disallowed to use a key, and a command to execute for the key.

Perhaps you can make an entry for internal hosts with no command 
(regular shell access) and one for external hosts with scponly as the 
command, both using the same key.

If that doesn't work, you can always use two keys, one for scponly and 
one for any command (and usable only internally).

You might check with the scponly developers and see if anyone has 
thought of adding this feature or if they have a better approach.

Dave
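An added example, not part of the original message: a Python check of an authorized_keys file against the layout suggested above, where each key either carries the restricted command or is limited by `from=` to internal hosts. The scponly path, the host patterns, and the function names are assumptions, and the key lines are constructed.

```python
import re

# Constructed sample; key blobs are placeholders. The scponly path and the
# internal host patterns are assumptions for illustration.
SAMPLE = '''\
# internal hosts: no command, regular shell access
from="10.0.0.*,*.internal.example" ssh-rsa AAAAB3PLACEHOLDER1 ben@desk
# external hosts: forced into scponly
command="/usr/local/bin/scponly",no-pty ssh-rsa AAAAB3PLACEHOLDER2 ben@laptop
# mistakes: shell from anywhere, and a from= list that also admits every host
ssh-rsa AAAAB3PLACEHOLDER3 ben@old
from="10.0.0.*,*" ssh-rsa AAAAB3PLACEHOLDER4 ben@tmp
'''
INTERNAL = ("10.0.0.*", "*.internal.example")
RESTRICTED = "/usr/local/bin/scponly"
KEY_TYPE = re.compile(r'^(ssh-|ecdsa-sha2-|sk-)\S+$')
OPTION = re.compile(r'([\w-]+)(?:=(?:"((?:\\.|[^"\\])*)"|([^,"]*)))?')

def split_options(line):
    """Return the options of one authorized_keys line as a dict ({} if none)."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}
    i, quoted = 0, False
    # The options field ends at the first whitespace outside double quotes.
    while i < len(line) and (quoted or not line[i].isspace()):
        if quoted and line[i] == '\\':
            i += 1                      # skip the escaped character
        elif line[i] == '"':
            quoted = not quoted
        i += 1
    return {n.lower(): q or v or True for n, q, v in OPTION.findall(line[:i])}

def audit(text):
    """Classify each key line; anything not restricted or internal-only is flagged."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        opts = split_options(line)
        sources = opts.get('from')
        if opts.get('command') == RESTRICTED:
            verdict = 'restricted'
        elif isinstance(sources, str) and all(p in INTERNAL for p in sources.split(',')):
            verdict = 'shell-internal-only'
        else:
            verdict = 'VIOLATION'
        findings.append((n, verdict))
    return findings
```

`audit(SAMPLE)` returns one `(line number, verdict)` pair per key line. These options only constrain public-key logins, so the check says nothing about password authentication or about who can write to the file.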



