[ubuntu-za] Securely upload files to server?
Neil Muller
neil at dip.sun.ac.za
Sat May 17 09:33:30 BST 2008
On Sat, May 17, 2008 at 06:12:49AM +0200, Neil Manson wrote:
> Hi All
>
> I run a server at work, and I would like to allow a colleague to upload
> files to it, but as securely as possible. I'm not really keen to run an
> FTP server on the box. I could give my colleague an account on the box
> and allow him ssh access, but there is no need for an account on the box
> other than the file uploads.
You can create a restricted account with allows scp/sftp access, but
doesn't allow the user to login. Various ways of doing this exist.
A common approach is to use a restrictive shell like rssh or scponly [1],
but other options, such as using pam_chroot to restrict the
user's access to a carefully chosen subset of the directory tree also
exist [2], or using sshd_config options like ForceCommand to restrict
the user [3], can also be used.
[1] both rssh and scponly have somewhat spotty security histories,
though, so you'll need to do some research and decide if the risks are
acceptable first.
[2] Also read up on chroot security and the ways of breaking out of
chroots.
[3] And there have been bugs that make this bypassable as well under
various circumstances.
--
Neil Muller email: neil at dip.sun.ac.za
Division Applied Mathematics, Department of Mathematical Sciences
University of Stellenbosch
More information about the ubuntu-za
mailing list