Full Discussion: ssh many users to one home
Post 302427161 by flpgdt on Friday 4th of June 2010 05:32:51 AM

Hey guys,

Hmm.. I'm not quite sure where to open this. If any mod thinks this is not the place, please move it to wherever it's suited.

So,

I want to allow some trusted users to scp files into my server (to a specific user), but I do not want to give these users a home, nor ssh login.

I'm having problems understanding the correct settings of users/groups I have to create to allow this to happen.

I will give an example:

Having:

1) MyUser@MyServer
2) MyUser belongs to the group MyGroup
3) MyUser's home will be, let's say, /home/MyUser
4) SFTPGuy1@OtherBox1
5) SFTPGuy2@OtherBox2

They give me their id_dsa.pub's and I add them to my authorized_keys

I reckon then, I'd do in my server something like

useradd -d /home/MyUser -s /bin/false SFTPGuy1 (and the same for the other..)

And for the last, useradd -G MyGroup SFTPGuy1 (then again, for the other guy)

I'd expect then, the SFTPGuys to be able to sftp -o IdentityFile=id_dsa MyServer and to be taken to MyUser's home...

Well, this is not the case... SFTP just keeps asking me for a password.

Could someone point out what I am missing?

Thanks a mil,

f.

[EDIT: Messa in StackOverflow asked me if the authorized_keys file was readable to the other users (members of MyGroup). It's an interesting point; this was my answer:

Well, it wasn't (it was 700), but then I changed the permissions of the .ssh dir and the auth file to 750, though still no effect. Guess it's worth mentioning that my home dir (/home/MyUser) is also readable for the group; most dirs being 750 and the specific folder where they'd drop files is 770.

Nevertheless, about the auth file, I reckon the authentication would be performed by the local user on MyServer, isn't it? If so, I don't understand the need for other users to read it... well.. just wondering. ]
 

SSH-COPY-ID(1)              General Commands Manual              SSH-COPY-ID(1)

NAME
       ssh-copy-id - install your public key in a remote machine's authorized_keys

SYNOPSIS
       ssh-copy-id [-i [identity_file]] [user@]machine

DESCRIPTION
       ssh-copy-id is a script that uses ssh to log into a remote machine and append the indicated identity file to that machine's ~/.ssh/authorized_keys file.

       If the -i option is given then the identity file (defaults to ~/.ssh/id_rsa.pub) is used, regardless of whether there are any keys in your ssh-agent. Otherwise, if this:

             ssh-add -L

       provides any output, it uses that in preference to the identity file.

       If the -i option is used, or the ssh-add produced no output, then it uses the contents of the identity file. Once it has one or more fingerprints (by whatever means) it uses ssh to append them to ~/.ssh/authorized_keys on the remote machine (creating the file, and directory, if necessary.)

NOTES
       This program does not modify the permissions of any pre-existing files or directories. Therefore, if the remote sshd has StrictModes set in its configuration, then the user's home, ~/.ssh folder, and ~/.ssh/authorized_keys file may need to have group writability disabled manually, e.g. via

             chmod go-w ~ ~/.ssh ~/.ssh/authorized_keys

       on the remote machine.

SEE ALSO
       ssh(1), ssh-agent(1), sshd(8)

OpenSSH                        14 November 1999                  SSH-COPY-ID(1)
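
The permission check described in NOTES, as an added example (not part of ssh-copy-id or of the forum post above): a POSIX shell function that reports group- or world-writable bits on the home directory, ~/.ssh and authorized_keys, and, when a login name is given, paths not owned by that user or root, since sshd_config(5) describes StrictModes as checking both modes and ownership. The function name `strictmodes_check` and its output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of ssh-copy-id: audit the paths named in NOTES.
# Usage: strictmodes_check HOME_DIR [LOGIN_USER]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
strictmodes_check() {
    home=$1
    login=${2:-}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            bad=1
            continue
        fi
        # POSIX ls -ld: field 1 is the mode string, field 3 the owner.
        mode=$(ls -ld "$p" | awk '{print $1}')
        owner=$(ls -ld "$p" | awk '{print $3}')
        # Characters 6 and 9 of the mode string are group and other write.
        gw=$(printf '%s' "$mode" | cut -c6)
        ow=$(printf '%s' "$mode" | cut -c9)
        if [ "$gw" = w ] || [ "$ow" = w ]; then
            echo "WRITABLE $p ($mode)"
            bad=1
        fi
        # Ownership is only checked when a login name is supplied.
        if [ -n "$login" ] && [ "$owner" != "$login" ] && [ "$owner" != root ]; then
            echo "OWNER $p is owned by $owner, not $login or root"
            bad=1
        fi
    done
    return "$bad"
}

# Run as a script: sh strictmodes_check.sh /home/MyUser SFTPGuy1
if [ "$#" -gt 0 ]; then
    strictmodes_check "$@"
fi
```

Any WRITABLE line is cleared by the `chmod go-w` command given in NOTES; an OWNER line means the login account does not own the files sshd would read for it.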