Mailinglist Archive: opensuse-security (570 mails)

< Previous Next >
Re: [suse-security] sftp with no ssh login
  • From: Kevin Brannen <kevin_brannen@xxxxxxxxxxxx>
  • Date: Wed, 28 Jan 2004 11:52:02 -0600
  • Message-id: <4017F6C2.6000603@xxxxxxxxxxxx>
Ben Yau wrote:

-----Original Message-----
From: Sven 'Darkman' Michels [mailto:sven@xxxxxxxxxx]

Ben Yau wrote:

Another thing to try is put "logout" at the beginning of ~/.bash_login.
Upon ssh login it will run the .bash_login and log them out.

On sftp, it

won't run ~/.bash_login so they can still sftp

ssh user@xxxxxxxxxxxxxxxxxx rm .bash_login


Ruin my day .. go ahead :)

I started thinking of another solution (along the lines of alias
rm='logout') when I realized that a smart user could just sftp and put in a
new ~/.bash_profile.

Provided they were clever enough to figure out how you auto logged them out.

Depends on what's acceptable at your place. You could give the person (people) a home dir that is owned by root, and all files in the home dir owned by root, with perms of 555 (basically a shell home, just enough to make whatever you need work); then you could set things up that way. It seems to me there should be a more elegant way, but my point is you should be able to make the above work. That is assuming you're allowed to lock it down that tight (by management).


< Previous Next >