Re: scp non root

[Helmut Wollmersdorfer <helmut.wollmersdorfer@fixpunkt.de>]

Am 11.04.2013 um 14:04 schrieb Bonno Bloksma:

> Our Linux servers have no users configured except for the default  
> first use besides root. These servers provide a service and do not  
> require users to log on to the machine.
> Of course root cannot login via ssh and that is no problem. A simple  
> su - is enough to make myself root after that and perform the  
> necessary tasks. But…
>
> I sometimes need to copy some files from the server to my machine  
> and want to use scp but… as my default user I do not have access to  
> the files that I just have been able to access as root. So I need to:
> -       cp the file to the /home/username directory.
> -       make sure the filesystem rights are proper for the user to  
> access the them
> Then I can scp as the user to the server and get the file. And of  
> course in reverse order if I want to place a file on the system.

As root@server:

# scp  /some/path/file.txt user@devel.your.domain:~/.

or back

# scp   user@devel.your.domain:~/file.txt  /some/path/.

> Is there a better way or is that the way it needs to be done?

Disallow root-login is inconvenient if you often need root permissions.

There are other ways to lower the risc without restricting access  
completely.

1) You can allow root/ssh login, but restrict it to known IPs. Works  
also for host-names, also via dynDNS in the case of dynamic IPs.

2) Use key autorisation. This is convenient for batch or cron jobs,  
e.g. backup via rsync.

3) If you often need access from home, on travel, from other client  
computers, then allow password login for a normal user (you) and su to  
root.

Helmut Wollmersdorfer