allowing scp but not ssh (here's how)
Alex Pennace
alex at pennace.org
Mon Jul 29 20:53:05 EDT 2002
On Mon, Jul 29, 2002 at 09:45:25AM -0400, Scott Prive wrote:
> Ah yes, sorry, I *did* intend to copy in the source if the refusal message. :-)
>
> Here's what you'd add. There could be something else to this, but I didn't see any symlink trickery.
>
> This setup allows specific users (determined by their login shell). Out of curiosity, I have not found any way to defeat this, if my only "account" is one of these rbash-designated accounts.
>
> # cat /etc/ssh/sshrc
[snip]
/etc/ssh/sshrc is executed only when ~/.ssh/rc doesn't exist (at least
that's how my sshd works). Make a zero-length ~/.ssh/rc.
More information about the Discuss
mailing list