Locking down access vi winscp Post: 302958608

Sponsored Content

Operating Systems AIX Locking down access vi winscp Post 302958608 by juredd1 on Friday 23rd of October 2015 06:03:23 PM

10-23-2015

Registered User

Locking down access vi winscp

Did some search but didn't find what I was looking for. We have a fairly complex system in which we have a special shell that is actually a script that runs some checks to make sure the user is coming in via the approved ssh client and if not they are kicked out.
Recently we figured out folks are coming in via winscp and it would appear that winscp does not follow the same rules so the special script not getting invoked and blocking them.
Does users coming in via winscp run the .profile for a given user?

I thought I knew AIX pretty well but this is beyond me at this point.
So users are coming in through winscp and accessing areas that they should not be in. Those areas are more open than they should normally but user when logging in normally don't get shell access they are forced into a program so the areas of concerns were never accessible to them. It's really an application issue that is causing those sensitive areas to be open like they are so they can't be locked down at the file/directory level.

Is anyone aware of a way to lock a user down into their home directory when using tools like winscp? We use chroot type security on our linux "FTP". But not sure how putting chroot type security on this AIX server might affect normal enduser logins to the application that resides on this server as when they come in like they should the application is the one accessing the other sensitive areas and is not allowing the user to access areas that don't belong to them.

Thanks for your time.
Justin

juredd1

View Public Profile for juredd1

Find all posts by juredd1

6 More Discussions You Might Find Interesting

1. Linux

WINSCP for Linux?

Is there something that will work on Linux with the same functionality like Winscp?

2. AIX

File access issue through sftp/winscp

Hi, I have SSH where I want to restrict browsing for a user "drrep" to the assigned home directory only.So I have put a entry in the sshd_config file as �AllowFiles "drrep:/fcrarch/fl02r/*" as shown in the scrren below. But due to this setting none of the users are able to login through winscp...

3. AIX

winscp between AIX and windows

Hello Admins, I am trying to copy some files/packages from my windows host to AIX server. I am a normal user not root. I am getting an error as below: cannot initialize sftp protocol..... I have enabled the ftp service. Could you help me out..

4. AIX

WINSCP Log in AIX 6.1

Hello Team, In my environment , Application team using winscp to create/modify/delete the files in the AIX server from their windows boxes. I have enabled the user history, su logs and lastlog, but the users whoever using winscp its not getting tracked. How to enable the WINSCP logs in AIX...

5. UNIX for Dummies Questions & Answers

What is winscp?

Hi I am new to using unix and editors for unix.. what is winscp? how to use it? what are ways to download this and learn?

6. UNIX for Dummies Questions & Answers

Putty and winscp - what is the difference?

Want to understand the difference between putty and winscp. thanks in advance

LEARN ABOUT DEBIAN

cg

CG(1)																	     CG(1)

NAME

       cg - Recursively grep for a pattern and store it.

SYNOPSIS

       cg [ -l ] | [ [ -i ] pattern [ files ] ]

DESCRIPTION

       cg  does  a search though text files (usually source code) recursively for a pattern, storing matches and displaying the output in a human-
       readable fashion.  It is intended to give some of the functionaly of AT&T's cscope(1) tool, with the advantages of simplicity and not being
       language-specific.  The script will colorize output if configured as such.

       It  is typically run with a Perl regular expression to search for.  The search can be made case insensitive by using the -i option.  A list
       of files may also be specified with an additional argument after the pattern.  Put the files pattern in quotes to make  it  be  matched	by
       Perl  rather  than  by  the shell.  Running the script with no arguments will recall the results of the previous search.  After the search,
       entries found can be edited using the vg(1) script.  The -l option shows the last log made.

SOME EXAMPLES

       cg - alone recalls the previous search results.

       cg -i pattern - search the default list of files for all files matching the pattern (and case-insensitively).

       cg pattern '*.c' - search recursively for pattern in all *.c files.  This automatically converts '*' to '.*' and '.' to '.'  for  you  and
       does a Perl pattern match on all files in the tree.

       cg  pattern  *.c  - search through the shell-expanded list of *.c files, so not done recursively (in other words, only the files your shell
       pass to the script as arguments).

       cg -l - show the last log made.

COMMAND-LINE OPTIONS
       -i   Do a case-insensitive search.

       -l   Show the last log made.

       -p   Toggle the default pager option.  cg has a bulit-in pager function, which can be enabled or disabled by default (in .cgvgrc).  If  the
	    default is enabled, this option disables the pager; if the default is disabled, this option enables it.

       -P   Force the built-in pager to be disabled.

FILES

       ${HOME}/.cglast
	      Log file of the last search.

       ${HOME}/.cgvgrc
	      Per-user configuration file (if the defaults are not desireable).

       ${HOME}/.cgvg/*
	      Log files in $HOSTNAME.shell_pid form with the log of the last search.

SEE ALSO

       vg(1), perl(1), find(1), grep(1), cscope(1)

AUTHOR

       cg was written by Joshua Uziel <uzi@uzix.org>.

								    13 Mar 2002 							     CG(1)