Re: Limiting scp access
On Mon, 2006-02-20 at 13:57 +0100, Jochen Schulz wrote:
> Nico De Ranter:
> >
> > The idea is to setup a server which is available from the Internet for 1
> > specific user using scp only, but all other users can get full ssh
> > access when they are connecting from my internal network only.
>
> See man 5 sshd_config for the option AllowUsers. You can qualify
> usernames with a hostname like user@host. Wildcards are allowed, too, so
> it should be possible to do something like
Duh, that's the option I was looking for thanks!
> AllowUsers scponly *@localdomain
>
> But I am not sure about the "localdomain" part. It might be easier to
> run two instances of SSH on the machine. One of them listens on a local
> interface, the other one on the public interface with the restriction
> to the scponly user.
That's what I'm intending to do. Less chance of making a config error
and accidentaly allowing everybody in :-)
Thanks!!
Nico
>
> J.
--
---------------------------------------------------------
"It has been said that there are only two businesses that
refer to customers as users: illegal drug trade and
the computer industry."
---------------------------------------------------------
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE)
The Corporate Village, Da Vincilaan 7-D1
B-1935 Zaventem, Belgium
Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
Reply to: