LinHES Forums
http://forums.linhes.org/

sshd config - deny ssh access to mythtv but allow scp
http://forums.linhes.org/viewtopic.php?f=6&t=19883

Author:  graysky [ Wed May 20, 2009 5:08 pm ]
Post subject:  sshd config - deny ssh access to mythtv but allow scp

Can I deny ssh access to mythtv but allow mythtv to use scp? Thus far I can only accomplish the deny part by adding the following line (included with KM) to my /etc/ssh/sshd_config:
Code:
DenyUsers mythtv


This has the unfortunate side-effect of disallowing scp. Anyone?

Author:  slowtolearn [ Wed May 20, 2009 5:23 pm ]
Post subject: 

Something like this should do the trick http://pario.no/2007/11/28/deny-ssh-but ... tp-access/

Author:  graysky [ Thu May 21, 2009 3:51 pm ]
Post subject: 

@slowtolearn - I don't think that works w/ R5.5's version of sshd :(

Author:  manicmike [ Sat May 23, 2009 4:38 pm ]
Post subject:  Re: sshd config - deny ssh access to mythtv but allow scp

graysky wrote:
Can I deny ssh access to mythtv but allow mythtv to use scp?


scp shares sshd_config and port 22 with ssh, so I would probably not even try. You could use samba or nfs to transfer files. Does what you're trying to do absolutely rely on only the default user connecting on port 22? What are you trying to do?

Mike

Author:  graysky [ Sat May 23, 2009 7:19 pm ]
Post subject: 

Problem is user mythtv can't get in via ssh (which is fine), but that also means that user mythtv can't get in to scp either. Since most of the content in /myth is owned by user mythtv, it can be a pain to add files without scp.

Author:  manicmike [ Sun May 24, 2009 11:00 pm ]
Post subject: 

graysky wrote:
Problem is user mythtv can't get in via ssh (which is fine), but that also means that user mythtv can't get in to scp either. Since most of the content in /myth is owned by user mythtv, it can be a pain to add files without scp.


Try adding the user created during the install to the mythtv group and change the permissions of the directory you are attempting to drop files into to be group writeable (e.g. chmod g+rwx /myth/video)?

Mike

Author:  willem [ Mon May 25, 2009 5:31 am ]
Post subject: 

Look for a shell called scponly. Once compiled and installed in let's say /usr/local/bin, then change the shell for the mythtv user to /usr/local/bin/scponly. The only caveat I can think of is that cron jobs or startup scripts for this user may not work with this shell, but if they don't, the changes are easily undone.

Author:  graysky [ Wed May 27, 2009 4:44 pm ]
Post subject: 

manicmike wrote:
Try adding the user created during the install to the mythtv group and change the permissions of the directory you are attempting to drop files into to be group writeable (e.g. chmod g+rwx /myth/video)?


I just ended up adding my user to the mythtv group and I can now scp via that user to /myth just fine. The mythtv user is still banned from ssh altogether so security is a little tighter. Thanks for the suggestion!

Code:
usermod -a -G mythtv USERNAME
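
Added example (not part of the original thread): a shell audit of the setup described in the post above, checking that mythtv stays in DenyUsers, that the uploading user is not denied and is in the mythtv group, and that the drop directory is group-writable. The user name alice, the function names and the fixture files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are arguments so the checks can run on
# copies of sshd_config and /etc/group; user "alice" and the fixtures are constructed.

# 0 if a DenyUsers line in CONFIG ($1) has a pattern matching USER ($2); * and ? work.
# Host-specific USER@HOST entries are not counted as a blanket deny.
denied_by_sshd() {
    while read -r key rest || [ -n "$key" ]; do
        case $key in [Dd][Ee][Nn][Yy][Uu][Ss][Ee][Rr][Ss]) ;; *) continue ;; esac
        set -f                              # keep patterns from globbing against files
        for pat in $rest; do
            case $2 in $pat) set +f; return 0 ;; esac
        done
        set +f
    done < "$1"
    return 1
}

# 0 if USER ($3) is a supplementary member of GROUP ($2) in GROUPFILE ($1),
# which is what `usermod -a -G` writes.
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# 0 if DIR ($1) has the group write bit set (does not check which group owns it).
group_writable() { [ -n "$(find "$1" -prune -type d -perm -020 2>/dev/null)" ]; }

# End state from the thread: SVC cannot log in, UPLOADER can and is in group SVC,
# and the drop directory is group-writable.
audit_upload_setup() {  # CONFIG GROUPFILE SVC UPLOADER DIR
    rc=0
    denied_by_sshd "$1" "$3" || { echo "FAIL: $3 not covered by DenyUsers"; rc=1; }
    if denied_by_sshd "$1" "$4"; then echo "FAIL: $4 is denied too"; rc=1; fi
    in_group "$2" "$3" "$4"  || { echo "FAIL: $4 not in group $3"; rc=1; }
    group_writable "$5"      || { echo "FAIL: $5 not group-writable"; rc=1; }
    return $rc
}

make_fixture() {  # writes constructed sample files to a temp dir and prints its path
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Port 22' '#DenyUsers nobody' 'DenyUsers mythtv' > "$d/sshd_config"
    printf '%s\n' 'mythtv:x:1001:alice' 'users:x:100:bob' > "$d/group"
    mkdir "$d/video" && chmod g+rwx "$d/video" && echo "$d"
}

fx=$(make_fixture)
audit_upload_setup "$fx/sshd_config" "$fx/group" mythtv alice "$fx/video" && echo "setup OK"
rm -rf "$fx"
```

The wildcard case matters because a broad entry such as `DenyUsers myth*` would also lock out an uploader whose name starts with "myth".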

Author:  geminidomino2 [ Fri May 29, 2009 8:38 am ]
Post subject: 

For future reference, check out scponly

All times are UTC - 6 hours