Mailinglist Archive: opensuse-security (570 mails)

< Previous Next >
Re: [suse-security] sftp with no ssh login
  • From: Kevin Brannen <kevin_brannen@xxxxxxxxxxxx>
  • Date: Wed, 28 Jan 2004 11:52:02 -0600
  • Message-id: <4017F6C2.6000603@xxxxxxxxxxxx>
Ben Yau wrote:

-----Original Message-----
From: Sven 'Darkman' Michels [mailto:sven@xxxxxxxxxx]

Ben Yau wrote:

Another thing to try is put "logout" at the beginning of ~/.bash_login.
Upon ssh login it will run the .bash_login and log them out.

On sftp, it

won't run ~/.bash_login so they can still sftp

ssh user@xxxxxxxxxxxxxxxxxx rm .bash_login

;)


Ruin my day .. go ahead :)

I started thinking of another solution (along the lines of alias
rm='logout') when I realized that a smart user could just sftp and put in a
new ~/.bash_profile.

Provided they were clever enough to figure out how you auto logged them out.
...


Depends on what's acceptable at your place. You could give the person (people) a home dir that is owned by root, and all files in the home dir owned by root, with perms of 555 (basically a shell home, just enough to make whatever you need work); then you could set things up that way. It seems to me there should be a more elegant way, but my point is you should be able to make the above work. That is assuming you're allowed to lock it down that tight (by management).

HTH,
Kevin


< Previous Next >
References