Mailing List Archive

You can try using SCPONLY.

scponly is an alternative "shell" (of sorts) for system administrators
who would like to provide access to remote users to both read and write
local files without providing any remote execution privileges.

This would mean users with this shell can neither login interactively
nor execute commands remotely. They can however, scp files in and out,
governed by the usual Unixish file permissions.

Detailed Information: http://linux.die.net/man/8/scponly


How to install it:
http://www.sublimation.org/scponly/wiki/index.php/Install

Cheers
Amardeep
________________________________________



-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Hellmachine
Sent: Monday, March 16, 2009 6:32 AM
To: secureshell@securityfocus.com
Subject: OpenSSH/WinSCP - Login-"Problem"

Dear Mailing List-member,

first of all let me tell you that I am glad to be a member of the list
now.

My name is Patrick.

So, and now let's switch to troubleshooting :-)

My environment is a Windows XP SP3 Client running OpenSSH as service.
SFTP enabled. All works great...a little bit too great :-)

I have the following problem. I have 2 accounts on the SSH: One for me
and one for my brother.

At work I use putty to connect to my Server. I enabled dynamic
portforwarding and added localhost and the dynamic port as a Socks-Proxy

to my browser. Now I can surf the web from anywhere using my
home-Internet-Connection. That works great.

But even my brother can use this connection...and this is what I do not
want.

He should be able to connect via SCP-Client (WinSCP) to the SFTP-Server
but NOT(!) connect via putty and SSH (so he can't use the connection as
socks-proxy).

But when I diable SSH-connection for his account, even SCP does not
work.

Can someone help me? I am a completely newbie to this topic. So, if
there is a solution, please explain it "slowly and simple"

Thanks in advance

Patrick

Amardeep Singh