
Re: Limiting scp access



On Mon, 2006-02-20 at 13:57 +0100, Jochen Schulz wrote:
> Nico De Ranter:
> > 
> > The idea is to set up a server which is available from the Internet for 1
> > specific user using scp only, but all other users can get full ssh
> > access when they are connecting from my internal network only.
> 
> See man 5 sshd_config for the option AllowUsers. You can qualify
> usernames with a hostname like user@host. Wildcards are allowed, too, so
> it should be possible to do something like

Duh, that's the option I was looking for, thanks!

> AllowUsers scponly *@localdomain
> 
> But I am not sure about the "localdomain" part. It might be easier to
> run two instances of SSH on the machine. One of them listens on a local
> interface, the other one on the public interface with the restriction
> to the scponly user.

That's what I'm intending to do. Less chance of making a config error
and accidentally allowing everybody in :-)

Thanks!!

Nico

> 
> J.
-- 
---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE)
The Corporate Village, Da Vincilaan 7-D1
B-1935 Zaventem, Belgium
Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
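
The two-instance layout discussed in this thread, sketched as an added example that is not from either poster. The file names, PID paths and both addresses (192.0.2.10 as the public interface, 10.0.0.5 as the internal one) are constructed placeholders, and it assumes the scponly account's login shell is what limits it to file transfer, since AllowUsers only decides who may authenticate.

```conf
# ---- /etc/ssh/sshd_config_public (hypothetical file name) ----
# Instance reachable from the Internet. Binds only to the public
# address (constructed placeholder) and admits exactly one account.
ListenAddress 192.0.2.10
PidFile /var/run/sshd_public.pid
AllowUsers scponly
PermitRootLogin no
# The transfer-only account gets no tunnels or forwarded displays.
AllowTcpForwarding no
X11Forwarding no

# ---- /etc/ssh/sshd_config_internal (hypothetical file name) ----
# Instance for the internal network. Binds only to the internal
# address (constructed placeholder), so it is never offered on the
# public interface. No AllowUsers line: every account may log in.
ListenAddress 10.0.0.5
PidFile /var/run/sshd_internal.pid

# Check each file for syntax errors before starting it:
#   sshd -t -f /etc/ssh/sshd_config_public
#   sshd -t -f /etc/ssh/sshd_config_internal
# Start each instance with its own file:
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_public
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_internal
```

With no ListenAddress line sshd binds to every local address, so each file needs its own explicit one; otherwise the unrestricted instance is also exposed on the public interface.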



