[lug] Re: Scp Config

rm at mamma.varadinet.de rm at mamma.varadinet.de
Fri Jun 29 00:40:38 MDT 2001


On Thu, Jun 28, 2001 at 03:53:22PM -0600, Gary Frerking wrote:

> Along the lines of what John mentioned, I've seen interactive logins
> disabled for specific accounts by not having a shell assigned to the
> account at all (or assigning some sort of null shell or something to the
> account -- like '/bin/false'?).
> 
> I've seen this sort of technique used more than once on more than one
> flavor of *nix. I seem to recall the details varied a bit depending on
> the *nix.
> 
> I don't have the details of how to do it handy, it's just a faint memory
> -- sorry.
> 
> Hopefully this will give you enough of a pointer (or trigger someone
> else's memory).

Yes, you can disable interactive logins with this trick, but you won't be
able to use 'scp' once you apply it. scp (like the old 'rcp') is nothing more
than a thin layer on top of a ssh login -- it'll use commands like 'cd' and
'cp' on both sides, so restricting one side will break the program. The same
is true for 'rsync' btw.

 Ralf



More information about the LUG mailing list