Scponly Limited User can not SSH login, sftp scp to upload files to the specified directory

Source: Internet
Author: User

The company is based on security considerations, required to give users SFTP,SCP permissions can upload relevant files to the specified directory, but not SSH login, considering RSSH is also a solution, but a little trouble, and finally found the scponly

Just say the configuration process,

If your system is CentOS, then use this configuration directly

1.wget -c ... nly/scponly-4.8.tgz  #scponly   The supported software is SCP, SFP, rsync, Subversion, Gftp and other clients 2. ./configure –prefix=/usr/local/scponly – Enable-chrooted-binary –enable-sftp-logging-compat –enable-scp-compat –enable-passwd-compat3.  make && make install  #安装配置4 .echo /usr/local/scponly/sbin/scponlyc  >> /etc/shells5.make jail  #建立chroot用户, directories and upload folders,  Follow the prompts and we're going to write a script #vi limit_!/bin/bashcp /lib64/* in /home/$1/lib64/cp /lib64/libnss_ /home/$1/usr/lib64/ldconfig -r /home/$1/cp /etc/group /home/$1/etc/mkdir  /home/$1/devmknod /home/$1/dev/null c 1 3chmod 666 /home/$1/dev/nullcat  > /etc/sysconfig/selinux << EOFSELINUX=disabledSELINUXTYPE=targetedEOFexit  #sh &NBSP;+X&NBSP;LIMIT_SCP.SH&NBSP;USERNAME&Nbsp;       #username   is jail   We set the above steps to complete the Scp/sftp upload directory to make a limit. Okay, we can go straight to our test session.

If your system is Ubuntu, then you should pay attention to the version, my is Ubuntu 12.04.1 LTS

#wget HTTP://NCU.DL.SOURCEFORGE.NET/PROJECT/SCPONLY/SCPONLY/SCPONLY-4.8/SCPONLY-4.8.TGZ#TAR-ZXVF scponly-4.8.tgz #./configure-prefix=/usr/local/scponly-enable-chrooted-binary-enable-sftp-logging-compat-enable-scp-compat- enable-passwd-compat# make
Gcc-g-o2-i.-I.-dhave_config_h-ddebugfile= ' "/usr/local/scponly/etc/scponly/debuglevel" '

-O scponly.o-c scponly.c
scponly.c:in function ' main ':
Scponly.c:226:9: warning:ignoring return value of ' fscanf ', declared with attribute

Warn_unused_result [-wunused-result]
Gcc-g-o2-i.-I.-dhave_config_h-ddebugfile= ' "/usr/local/scponly/etc/scponly/debuglevel" '

-O helper.o-c helper.c
helper.c:in function ' Check_dangerous_args ':
Helper.c:233:6: Error: #elif with no expression
Make: * * * [HELPER.O] Error 1
[Email Protected]:/tmp/scponly-4.8#vi helper.c
Take line No. 233.
Change into

and re-make.
[Email protected]:/tmp/scponly-4.8#make && make Install[email protected]:/tmp/scponly-4.8#echo/usr/local/ SCPONLY/SBIN/SCPONLYC >>/etc/shells[email protected]:/tmp/scponly-4.8#ln-s/lib64/[email Protected]:/tmp/scponly-4.8#make jail #建立chroot用户, directories and upload folders, enter as prompted

-en Username to install [scponly]

MyTest #要建的用户

-en Home directory wish to set for this user [/home/usertest]


-en name of the writeable subdirectory [incoming]

www #用户上传的目录

Your platform (Linux) does not has a platform specific setup script.

This install script would attempt a best guess.

If you perform customizations, please consider sending me your changes.

Look to the templates in Build_extras/arch.

-Joe at sublimation dot org

Please set the password for usertest:

Enter New UNIX Password:

[Email Protected]:/tmp/scponly-4.8#mkdir/home/usertest/dev[email protected]:/tmp/scponly-4.8#cp-rp/dev/null/home /usertest/dev[email Protected]:/tmp/scponly-4.8#cp/lib64/[email Protected]:/tmp/scponly-4.8#cp/lib/x86_64-linux-gnu/libnss_*-av/home/mygod/lib

Note: If you do not copy lib, you will get an error, similar to:

Scponly Unknown user 1005 lost connection

Okay, let's test it.


[Email protected]:/home/mygod# ssh [email protected] the authenticity of  host  '  ( '  can ' t be established. Ecdsa key fingerprint is c1:c2:6a:7a:68:c8:e5:a6:87:f4:9b:95:d5:fd:ff:09.are you  sure you want to continue connecting  (yes/no)? yeswarning:  permanently added  ' '   (ECDSA)  to the list of known  Hosts. [email protected] ' s password: welcome to aliyun elastic compute  service! the programs included with the ubuntu system are free software; The exact distribution terms for each program are described in  theindividual files in /usr/share/doc/*/copyright. ubuntu comes with absolutely no warranty, to the  Extent permitted byapplicable law. last login: tue may  5 16:57:18 2015 from to closed.


[Email protected]:/home/mygod# sftp [email protected][email protected] ' s password:connected to>    Lsbin Dev etc lib lib64 usr www sftp> cd/sftp> lsbin dev etc lib lib64 usr www sftp> cd/rootcouldn ' t canonicalise:no such file or directorysftp>


[Email protected]:/tmp# SCP a.txt [email protected]:www[email protected] ' s password:a.txt 100% 4 0.0kb/s 00:00

Verify that the directory is locked

[Email protected]:/tmp# SCP [email protected]:/etc/group./[email protected] ' s PASSWORD:SCP:/etc/group:no such file or Directory

This article is from the "xiangcun168" blog, make sure to keep this source

Scponly Limited User can not SSH login, sftp scp to upload files to the specified directory

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.