Locking down access vi winscp Post: 302958608

Sponsored Content

Operating Systems AIX Locking down access vi winscp Post 302958608 by juredd1 on Friday 23rd of October 2015 06:03:23 PM

10-23-2015

Registered User

Locking down access vi winscp

Did some search but didn't find what I was looking for. We have a fairly complex system in which we have a special shell that is actually a script that runs some checks to make sure the user is coming in via the approved ssh client and if not they are kicked out.
Recently we figured out folks are coming in via winscp and it would appear that winscp does not follow the same rules so the special script not getting invoked and blocking them.
Does users coming in via winscp run the .profile for a given user?

I thought I knew AIX pretty well but this is beyond me at this point.
So users are coming in through winscp and accessing areas that they should not be in. Those areas are more open than they should normally but user when logging in normally don't get shell access they are forced into a program so the areas of concerns were never accessible to them. It's really an application issue that is causing those sensitive areas to be open like they are so they can't be locked down at the file/directory level.

Is anyone aware of a way to lock a user down into their home directory when using tools like winscp? We use chroot type security on our linux "FTP". But not sure how putting chroot type security on this AIX server might affect normal enduser logins to the application that resides on this server as when they come in like they should the application is the one accessing the other sensitive areas and is not allowing the user to access areas that don't belong to them.

Thanks for your time.
Justin

juredd1

View Public Profile for juredd1

Find all posts by juredd1

6 More Discussions You Might Find Interesting

1. Linux

WINSCP for Linux?

Is there something that will work on Linux with the same functionality like Winscp?

2. AIX

File access issue through sftp/winscp

Hi, I have SSH where I want to restrict browsing for a user "drrep" to the assigned home directory only.So I have put a entry in the sshd_config file as �AllowFiles "drrep:/fcrarch/fl02r/*" as shown in the scrren below. But due to this setting none of the users are able to login through winscp...

3. AIX

winscp between AIX and windows

Hello Admins, I am trying to copy some files/packages from my windows host to AIX server. I am a normal user not root. I am getting an error as below: cannot initialize sftp protocol..... I have enabled the ftp service. Could you help me out..

4. AIX

WINSCP Log in AIX 6.1

Hello Team, In my environment , Application team using winscp to create/modify/delete the files in the AIX server from their windows boxes. I have enabled the user history, su logs and lastlog, but the users whoever using winscp its not getting tracked. How to enable the WINSCP logs in AIX...

5. UNIX for Dummies Questions & Answers

What is winscp?

Hi I am new to using unix and editors for unix.. what is winscp? how to use it? what are ways to download this and learn?

6. UNIX for Dummies Questions & Answers

Putty and winscp - what is the difference?

Want to understand the difference between putty and winscp. thanks in advance

LEARN ABOUT DEBIAN

git-sh-setup

GIT-SH-SETUP(1) 						    Git Manual							   GIT-SH-SETUP(1)

NAME

       git-sh-setup - Common git shell script setup code

SYNOPSIS

       . "$(git --exec-path)/git-sh-setup"

DESCRIPTION

       This is not a command the end user would want to run. Ever. This documentation is meant for people who are studying the Porcelain-ish
       scripts and/or are writing new ones.

       The git sh-setup scriptlet is designed to be sourced (using .) by other shell scripts to set up some variables pointing at the normal git
       directories and a few helper shell functions.

       Before sourcing it, your script should set up a few variables; USAGE (and LONG_USAGE, if any) is used to define message given by usage()
       shell function. SUBDIRECTORY_OK can be set if the script can run from a subdirectory of the working tree (some commands do not).

       The scriptlet sets GIT_DIR and GIT_OBJECT_DIRECTORY shell variables, but does not export them to the environment.

FUNCTIONS

       die
	   exit after emitting the supplied error message to the standard error stream.

       usage
	   die with the usage message.

       set_reflog_action
	   set the message that will be recorded to describe the end-user action in the reflog, when the script updates a ref.

       git_editor
	   runs an editor of user's choice (GIT_EDITOR, core.editor, VISUAL or EDITOR) on a given file, but error out if no editor is specified
	   and the terminal is dumb.

       is_bare_repository
	   outputs true or false to the standard output stream to indicate if the repository is a bare repository (i.e. without an associated
	   working tree).

       cd_to_toplevel
	   runs chdir to the toplevel of the working tree.

       require_work_tree
	   checks if the current directory is within the working tree of the repository, and otherwise dies.

       require_work_tree_exists
	   checks if the working tree associated with the repository exists, and otherwise dies. Often done before calling cd_to_toplevel, which
	   is impossible to do if there is no working tree.

       require_clean_work_tree <action> [<hint>]
	   checks that the working tree and index associated with the repository have no uncommitted changes to tracked files. Otherwise it emits
	   an error message of the form Cannot <action>: <reason>. <hint>, and dies. Example:

	       require_clean_work_tree rebase "Please commit or stash them."

       get_author_ident_from_commit
	   outputs code for use with eval to set the GIT_AUTHOR_NAME, GIT_AUTHOR_EMAIL and GIT_AUTHOR_DATE variables for a given commit.

GIT

       Part of the git(1) suite

Git 1.7.10.4							    11/24/2012							   GIT-SH-SETUP(1)