[My apologies if this question is deemed inappropriate for this list.] Using OpenSSH, is it possible for a program/script to copy files with known filenames from a remote server (running sshd), without allowing (interactive) ssh access to that server? I.e. ``ssh server ls'' or ``ssh server'' should not be possible (for security reasons), but ``scp server:file .'' should. Thanks, -- Jos Backus _/ _/_/_/ "Modularity is not a hack." _/ _/ _/ -- D. J. Bernstein _/ _/_/_/ _/ _/ _/ _/ josb at cncdsl.com _/_/ _/_/_/ use Std::Disclaimer;
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1> [My apologies if this question is deemed inappropriate for this list.]I think it kind-of is, but that's okay.> Using OpenSSH, is it possible for a program/script to copy files with > known filenames from a remote server (running sshd), without allowing > (interactive) ssh access to that server? I.e. ``ssh server ls'' or > ``ssh server'' should not be possible (for security reasons), but > ``scp server:file .'' should.The way I usually do this is with keys and command squashing. "man sshd" for the details, but basically, you set up keys like normal ("man ssh-keygen") but in the authorized_keys file, you preface the key you want to restrict with restriction commands. an example: Say your rsa public key looks like: 1024 35 41249862493867123982176...lots of digits...11243590723 user at host You would tack onto the front command="scp -f <file>" - so the line in your authorized_keys file would look like: command="scp -f <file>" 1024 35 41249862...lots of digits...723 user at host all on one line. Now, whenever someone logs in with this key, no matter what command they try to run, the server will only (and always) run that scp. And you can add other restrictions too - for example, you should probablly prevent port forwarding to the machine, so the restriction string (all the text before the "1024 35 1212541512342...") might look like: command="scp -f <file>",no-port-forwarding,no-X11-forwarding,no-pty -Jason --------------------------- If the Revolution comes to grief, it will be because you and those you lead have become alarmed at your own brutality. --John Gardner -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: See private.idealab.com/public/jason/jason.gpg iD8DBQE6OYPsswXMWWtptckRAoTTAJ4/vVoQ1IlflclcboPI8IaVFw01/gCgvuiR ZIzAHBOGyt+ekKPR5jEqWgo=QsrM -----END PGP SIGNATURE-----
I did it in a very stupid, but simple way, implement a simple version of scp through a restricted shell. Which usually ends up going something like this: ssh hostname cat file > destfile where your restricted shell is /bin/cat Jos Backus wrote:> > [My apologies if this question is deemed inappropriate for this list.] > > Using OpenSSH, is it possible for a program/script to copy files with known > filenames from a remote server (running sshd), without allowing (interactive) > ssh access to that server? I.e. ``ssh server ls'' or ``ssh server'' should not > be possible (for security reasons), but ``scp server:file .'' should. > > Thanks, > -- > Jos Backus _/ _/_/_/ "Modularity is not a hack." > _/ _/ _/ -- D. J. Bernstein > _/ _/_/_/ > _/ _/ _/ _/ > josb at cncdsl.com _/_/ _/_/_/ use Std::Disclaimer;
mouring at etoh.eviladmin.org
2000-Dec-15 03:29 UTC
scp without permitting shell access, possible?
On Thu, 14 Dec 2000, Jos Backus wrote:> [My apologies if this question is deemed inappropriate for this list.] > > Using OpenSSH, is it possible for a program/script to copy files with known > filenames from a remote server (running sshd), without allowing (interactive) > ssh access to that server? I.e. ``ssh server ls'' or ``ssh server'' should not > be possible (for security reasons), but ``scp server:file .'' should. >I don't see how you can do such a thing without changing how scp works. (Which is scp would no longer spawn the user's interactive shell, but either spawn /bin/sh w/ no .*rc files.) I'd have to test it.. but you may be able to pull it off with sftp-server. But I am not up on my 'subsystem' definations of SSH2. - Ben