For security reasons, our company needed to give users SFTP and SCP access so that they can upload files to a specified directory, without allowing them to log in over SSH. rssh is one possible solution, but it is somewhat troublesome to set up; in the end I settled on scponly.
Here is the configuration process.
If your system is CentOS, you can use this configuration directly:
1. wget -c http://nchc.dl.sourceforge.net/s ... nly/scponly-4.8.tgz
   # scponly supports SCP, SFTP, rsync, Subversion, gFTP and other clients
2. ./configure --prefix=/usr/local/scponly --enable-chrooted-binary --enable-sftp-logging-compat --enable-scp-compat --enable-passwd-compat
3. make && make install    # build and install
4. echo /usr/local/scponly/sbin/scponlyc >> /etc/shells
5. make jail    # create the chroot user, directories and upload folder; follow the prompts

Next, we write a script:
# vi limit_scp.sh
#!/bin/bash
# $1 is the jailed user name; the jail is /home/$1
# Copy the dynamic loader and the NSS library into the jail
cp /lib64/ld-linux-x86-64.so.* /home/$1/lib64/
cp /lib64/libnss_files.so.2 /home/$1/usr/lib64/
# Rebuild the linker cache relative to the jail root
ldconfig -r /home/$1/
cp /etc/group /home/$1/etc/
# Create /dev/null inside the jail
mkdir /home/$1/dev
mknod /home/$1/dev/null c 1 3
chmod 666 /home/$1/dev/null
# Disable SELinux system-wide (takes effect after the next reboot)
cat > /etc/sysconfig/selinux << EOF
SELINUX=disabled
SELINUXTYPE=targeted
EOF
exit

# sh +x limit_scp.sh username    # username is the jail user created above

With the steps above, the restriction of SCP/SFTP uploads to the jail directory is complete, and we can go straight to the test session.
If your system is Ubuntu, pay attention to the version; mine is Ubuntu 12.04.1 LTS.
# wget http://ncu.dl.sourceforge.net/project/scponly/scponly/scponly-4.8/scponly-4.8.tgz
# tar -zxvf scponly-4.8.tgz
# cd scponly-4.8
# ./configure --prefix=/usr/local/scponly --enable-chrooted-binary --enable-sftp-logging-compat --enable-scp-compat --enable-passwd-compat
# make
gcc -g -O2 -I. -I. -DHAVE_CONFIG_H -DDEBUGFILE='"/usr/local/scponly/etc/scponly/debuglevel"' -o scponly.o -c scponly.c
scponly.c: In function 'main':
scponly.c:226:9: warning: ignoring return value of 'fscanf', declared with attribute warn_unused_result [-Wunused-result]
gcc -g -O2 -I. -I. -DHAVE_CONFIG_H -DDEBUGFILE='"/usr/local/scponly/etc/scponly/debuglevel"' -o helper.o -c helper.c
helper.c: In function 'check_dangerous_args':
helper.c:233:6: error: #elif with no expression
make: *** [helper.o] Error 1
[email protected]:/tmp/scponly-4.8# vi helper.c
On line 233, the #elif has no condition, which this compiler rejects. Change
#elif
to
#else
and run make again.
[email protected]:/tmp/scponly-4.8# make && make install
[email protected]:/tmp/scponly-4.8# echo /usr/local/scponly/sbin/scponlyc >> /etc/shells
[email protected]:/tmp/scponly-4.8# ln -s /lib64/ld-linux-x86-64.so.2 /lib/ld.so
[email protected]:/tmp/scponly-4.8# make jail    # create the chroot user, directories and upload folder; enter values as prompted
-en Username to install [scponly]
MyTest    # the user to create
-en Home directory wish to set for this user [/home/usertest]
    # the user's home directory
-en name of the writeable subdirectory [incoming]
www    # the user's upload directory
Your platform (Linux) does not have a platform specific setup script.
This install script will attempt a best guess.
If you perform customizations, please consider sending me your changes.
Look to the templates in build_extras/arch.
- joe at sublimation dot org
Please set the password for usertest:
Enter new UNIX password:
[email protected]:/tmp/scponly-4.8# mkdir /home/usertest/dev
[email protected]:/tmp/scponly-4.8# cp -rp /dev/null /home/usertest/dev
[email protected]:/tmp/scponly-4.8# cp /lib64/ld-linux-x86-64.so.2 /home/usertest/lib64/
[email protected]:/tmp/scponly-4.8# cp /lib/x86_64-linux-gnu/libnss_* -av /home/mygod/lib
Note: if you do not copy the libnss_* libraries, the user ID cannot be resolved to a user name inside the chroot, and you will get an error similar to:
Scponly Unknown user 1005 lost connection
Okay, let's test it.
SSH
[email protected]:/home/mygod# ssh [email protected]
The authenticity of host '18.92.185.2 (18.92.185.2)' can't be established.
ECDSA key fingerprint is c1:c2:6a:7a:68:c8:e5:a6:87:f4:9b:95:d5:fd:ff:09.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '18.92.185.2' (ECDSA) to the list of known hosts.
[email protected]'s password:
Welcome to aliyun Elastic Compute Service!
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Last login: Tue May  5 16:57:18 2015 from 183.11.156.185
Connection to 18.92.185.2 closed.
SFTP
[email protected]:/home/mygod# sftp [email protected]
[email protected]'s password:
Connected to 18.92.185.2.
sftp> ls
bin dev etc lib lib64 usr www
sftp> cd /
sftp> ls
bin dev etc lib lib64 usr www
sftp> cd /root
Couldn't canonicalise: No such file or directory
sftp>
SCP
[email protected]:/tmp# scp a.txt [email protected]:www
[email protected]'s password:
a.txt 100% 4 0.0KB/s 00:00
Verify that the directory is locked
[email protected]:/tmp# scp [email protected]:/etc/group ./
[email protected]'s password:
scp: /etc/group: No such file or directory
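The tests above exercise the jail from the client side. The following script is an added example, not part of the original post or of scponly, that audits the same setup on the server: login shell, /etc/shells entry, and the files copied into the jail by hand. The function name check_jail and the ownership and permission check on the jail root are assumptions of this example; the paths follow the x86-64 layout and the --prefix used above.

```shell
#!/bin/sh
# Added example, not from the original post: audit a scponly chroot jail.
# Usage: check_jail JAIL_DIR USER [PASSWD_FILE] [SHELLS_FILE]
# Prints one FAIL line per problem and returns the number of problems.
SCPONLYC=/usr/local/scponly/sbin/scponlyc   # follows the --prefix used above

check_jail() {
    jail=$1 user=$2 passwd=${3:-/etc/passwd} shells=${4:-/etc/shells}
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # The account must have scponlyc, not a real shell, as its login shell.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd" 2>/dev/null) || shell=
    [ "$shell" = "$SCPONLYC" ] || fail "$user login shell is '${shell:-unset}'"
    # scponlyc must be listed in /etc/shells (the "echo ... >> /etc/shells" step).
    grep -qxF "$SCPONLYC" "$shells" 2>/dev/null || fail "scponlyc not in $shells"

    # Files the post copies into the jail by hand.
    [ -c "$jail/dev/null" ] || fail "dev/null missing or not a character device"
    ls "$jail"/lib64/ld-linux-x86-64.so.* >/dev/null 2>&1 ||
        fail "dynamic loader missing from lib64"
    # Without libnss_files the UID cannot be resolved ("Unknown user" error).
    find "$jail" -name 'libnss_files*' 2>/dev/null | grep -q . ||
        fail "libnss_files missing from the jail"

    # Assumption: the jail root should be neither owned by the restricted user
    # nor group/world-writable; uploads go to the writable subdirectory.
    [ -d "$jail" ] || fail "$jail is not a directory"
    set -- $(ls -ld "$jail" 2>/dev/null)    # $1 = mode string, $3 = owner
    [ "$3" != "$user" ] || fail "jail root is owned by $user"
    case $1 in
        ?????w*|????????w*) fail "jail root is group- or world-writable" ;;
    esac
    return "$problems"
}

# Run the audit when called with arguments,
# e.g.: sh check_jail.sh /home/usertest usertest
if [ $# -ge 2 ]; then check_jail "$@"; fi
```

Run it as root on the server after make jail; an exit status of 0 means every check passed.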
This article is from the "xiangcun168" blog, make sure to keep this source http://xiangcun168.blog.51cto.com/4788340/1642217
Scponly Limited User can not SSH login, sftp scp to upload files to the specified directory