How to restrict SSH users to block SCP/SFTP?
Posted by AbhishekM on April 14th, 2008


Hi,

This is my first posting to this group, so please redirect me to the right
group if this posting is not relevant here.

I want to allow my users to SSH to my server but I want to block them
from using SCP or SFTP.

Please tell me if it is possible.

Kind Regards,
-Abhishek

Posted by Chris Mattern on April 14th, 2008


On 2008-04-14, AbhishekM <star.abhishek@gmail.com> wrote:
server than an ssh session; it's not possible to tell the two apart.

--
Christopher Mattern

NOTICE
Thank you for noticing this new notice
Your noticing it has been noted
And will be reported to the authorities

Posted by Wayne on April 14th, 2008


AbhishekM wrote:
Yes, part of the format for keys in the
"authorized_keys" includes the sort of restriction
you are talking about. You can add
command="command" to the key.
This "Specifies that the command is executed whenever
this key is used for authentication. The command
supplied by the user (if any) is ignored."

You can also configure the sshd daemon to ignore
any commands (such as scp) and force a login shell.
See the man pages for sshd and sshd_config for details.

-Wayne
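
Wayne's forced-command suggestion as an added example (not code from the thread): a wrapper named in command="..." or ForceCommand, which reads the client's request from SSH_ORIGINAL_COMMAND and refuses the scp and sftp helpers. The install path /usr/local/bin/ssh-gate, the group name "restricted" and the function names are assumptions; as the later replies point out, a user who keeps a shell can still copy data by other means.

```shell
#!/bin/sh
# Added example: forced-command gate that refuses scp/sftp but allows a shell.
# Assumed install path: /usr/local/bin/ssh-gate
#
# authorized_keys, per key (constructed key line):
#   command="/usr/local/bin/ssh-gate" ssh-ed25519 AAAA... user@host
# or sshd_config, per group ("restricted" is an assumed group name):
#   Match Group restricted
#       ForceCommand /usr/local/bin/ssh-gate

# classify CMD -> prints "shell" (no command), "deny" (scp/sftp) or "exec"
classify() {
    cmd=$1
    if [ -z "$cmd" ]; then echo shell; return 0; fi
    # First word of the request; read strips leading whitespace.
    read -r first _rest <<EOF
$cmd
EOF
    base=${first##*/}            # drop any directory part
    case "$base" in
        scp|sftp-server|internal-sftp) echo deny ;;
        *) echo exec ;;
    esac
}

gate_main() {
    case "$(classify "${SSH_ORIGINAL_COMMAND:-}")" in
        shell) exec "${SHELL:-/bin/sh}" -l ;;
        deny)
            # Leave an audit trail of refused transfer attempts.
            logger -t ssh-gate -p auth.notice \
                "user=$(id -un) denied: $SSH_ORIGINAL_COMMAND" 2>/dev/null
            echo "scp/sftp is disabled on this host" >&2
            exit 1 ;;
        exec)  exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND" ;;
    esac
}

# Run the gate only when started by sshd, which sets SSH_CONNECTION.
if [ -n "${SSH_CONNECTION:-}" ]; then
    gate_main
fi
```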

Posted by Helmut Kreft on April 14th, 2008


On Mon, 14 Apr 2008 02:51:33 -0700 (PDT), AbhishekM wrote:
http://sublimation.org/scponly/wiki/index.php/Main_Page

Despite its name, it does scp and sftp.

Helmut

--
Almost everything in life is easier to get into than out of.
(Agnes' Law)

Posted by Helmut Kreft on April 14th, 2008


On Mon, 14 Apr 2008 02:51:33 -0700 (PDT), AbhishekM wrote:
After reading your post more carefully, I see you want to do quite the
opposite of what people usually want (no shell but sftp/scp).

Well now - I can only guess what train of thought led you to consider
such a setup, but copying data will always be possible if a shell is
provided:

ssh user@host 'cat /some/where/whatiwant.txt' > igotit.txt

So disabling scp/sftp (which probably could be done in some ugly way)
will annoy users, but data will still leave your server if a user
wishes to do so.

Helmut

--
Almost everything in life is easier to get into than out of.
(Agnes' Law)

Posted by AbhishekM on April 15th, 2008


On Apr 15, 2:18 am, Helmut Kreft <kr...@unfug.org> wrote:
Hi Guys,

Thanks for your response. Now I understand that if I am allowing ssh
then scp (or file transfer) is implicitly allowed. Therefore it is not
possible to restrict a user from copying data if he really wants to.

Kind Regards,
-Abhishek
