
All times are UTC - 6 hours





PostPosted: Wed May 20, 2009 5:08 pm 
Offline
Joined: Wed Dec 10, 2003 8:31 pm
Posts: 1996
Location: /dev/null
Can I deny ssh access to mythtv but allow mythtv to use scp? Thus far I can only accomplish the deny part by the following line (included with KM) to my /etc/ssh/sshd_config
Code:
DenyUsers mythtv


This has the unfortunate side-effect of disallowing scp. Anyone?

_________________
Retired KM user (R4 - R6.04); friend to LH users.


PostPosted: Wed May 20, 2009 5:23 pm 
Offline
Joined: Wed Nov 16, 2005 8:55 pm
Posts: 1381
Location: Farmington, MI USA
Something like this should do the trick http://pario.no/2007/11/28/deny-ssh-but ... tp-access/


PostPosted: Thu May 21, 2009 3:51 pm 
Offline
Joined: Wed Dec 10, 2003 8:31 pm
Posts: 1996
Location: /dev/null
@slowtolearn - I don't think that works w/ R5.5's version of sshd :(

_________________
Retired KM user (R4 - R6.04); friend to LH users.


PostPosted: Sat May 23, 2009 4:38 pm 
Offline
Joined: Sun Aug 28, 2005 7:07 pm
Posts: 821
Location: Melbourne, Australia
graysky wrote:
Can I deny ssh access to mythtv but allow mythtv to use scp?


scp shares sshd_config and port 22 with ssh, so I would probably not even try. You could use samba or nfs to transfer files. Does what you're trying to do absolutely rely on only the default user connecting on port 22? What are you trying to do?

Mike

_________________
*********************
LinHES 7.4
Australian Dragon
*********************


PostPosted: Sat May 23, 2009 7:19 pm 
Offline
Joined: Wed Dec 10, 2003 8:31 pm
Posts: 1996
Location: /dev/null
Problem is user mythtv can't get in via ssh (which is fine), but that also means that user mythtv can't get in to scp either. Since most of the content in /myth is owned by user mythtv, it can be a pain to add files without scp.

_________________
Retired KM user (R4 - R6.04); friend to LH users.


PostPosted: Sun May 24, 2009 11:00 pm 
Offline
Joined: Sun Aug 28, 2005 7:07 pm
Posts: 821
Location: Melbourne, Australia
graysky wrote:
Problem is user mythtv can't get in via ssh (which is fine), but that also means that user mythtv can't get in to scp either. Since most of the content in /myth is owned by user mythtv, it can be a pain to add files without scp.


Try adding the user created during the install to the mythtv group and change the permissions of the directory you are attempting to drop files into to be group writeable (e.g. chmod g+rwx /myth/video)?

Mike

_________________
*********************
LinHES 7.4
Australian Dragon
*********************


PostPosted: Mon May 25, 2009 5:31 am 
Offline
Joined: Tue Feb 03, 2004 3:23 am
Posts: 159
Location: Friesland, The Netherlands
Look for a shell called scponly. Once compiled and installed in, let's say, /usr/local/bin, change the shell for the mythtv user to /usr/local/bin/scponly. The only caveat I can think of is that cron jobs or startup scripts for this user may not work with this shell, but if they don't, the changes are easily undone.


PostPosted: Wed May 27, 2009 4:44 pm 
Offline
Joined: Wed Dec 10, 2003 8:31 pm
Posts: 1996
Location: /dev/null
manicmike wrote:
Try adding the user created during the install to the mythtv group and change the permissions of the directory you are attempting to drop files into to be group writeable (e.g. chmod g+rwx /myth/video)?


I just ended up adding my user to the mythtv group and I can now scp via that user to /myth just fine. The mythtv user is still banned from ssh altogether so security is a little tighter. Thanks for the suggestion!

Code:
usermod -a -G mythtv USERNAME

_________________
Retired KM user (R4 - R6.04); friend to LH users.
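
Added example, not part of the thread or of LinHES: a shell audit of the arrangement the post above settles on (mythtv stays in DenyUsers, a login user joins the mythtv group, the target directory is group-writable). The function names, the file arguments and the login user passed in are assumptions; DenyUsers is matched by exact name only, without pattern or Match-block handling, and the group is assumed to carry the same name as the service account.

```shell
#!/bin/sh
# Added example: audit helpers for "deny ssh to the service account,
# copy files in as another user who shares its group".

# True if sshd_config file $1 has a DenyUsers line naming user $2 exactly.
# Simplification: wildcard / USER@HOST patterns and Match blocks are ignored.
# Commented-out lines never match because their first field starts with "#".
sshd_denies_user() {
    awk -v u="$2" '
        tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) if ($i == u) found = 1 }
        END { exit !found }' "$1"
}

# True if user $2 is a supplementary member of group $1 in group file $3
# (default /etc/group). This is the field "usermod -a -G" edits; a user's
# primary group is not listed there.
in_group() {
    awk -F: -v g="$1" -v u="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "${3:-/etc/group}"
}

# True if directory $1 grants rwx to its group (the chmod g+rwx step).
# "s" in the group-execute slot means setgid plus execute.
group_writable() {
    case "$(ls -ld "$1" | awk '{ print $1 }')" in
        d???rw[xs]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit one setup; prints a warning per gap and returns non-zero if any.
# $1=service account (also the group name) $2=login user $3=directory
# $4=sshd_config path $5=group file (optional)
audit() {
    rc=0
    sshd_denies_user "$4" "$1" || { echo "WARN: $1 is not listed in DenyUsers"; rc=1; }
    in_group "$1" "$2" "$5"    || { echo "WARN: $2 is not in group $1"; rc=1; }
    group_writable "$3"        || { echo "WARN: $3 is not group-writable"; rc=1; }
    return $rc
}
```

On a live system the call would look like `audit mythtv USERNAME /myth/video /etc/ssh/sshd_config`. Files copied in this way are owned by the login user, so whether mythtv can modify them afterwards depends on their group and mode.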


PostPosted: Fri May 29, 2009 8:38 am 
Offline
Joined: Wed Aug 06, 2008 10:59 am
Posts: 8
For future reference, check out scponly

