So, I have a "personal" server, and it is only being used by me at the moment, but now I want some of my friends to be able to download files through scp using an SSH key that they will provide to me, but I don't want them to be able to enter my server via SSH nor see the files that I have.
Is there a way that I can limit what they can and can't do via their SSH key?
If not, are there other alternatives besides restricting an SSH key?
1

edu_correia
- 11
- Does this answer your question? How can I chroot sftp-only SSH users into their homes? – muru Jun 15 '23 at 12:31
- Restrict them to SFTP only. In newer versions, scp uses the SFTP protocol, but even if it didn't, sftp is still the better way – muru Jun 15 '23 at 12:32
1 Answer
0
There is a program called scponly that is used exactly to achieve what you want. You must set this program as a shell for a user that you want to restrict only to scp.
However, the program is not available in Ubuntu repositories, so you need to compile it from source. Here I found a tutorial on how to do it. Of course, you don't have to follow it literally - you e.g. don't have to create the /pub/upload directory if you don't need it, and also you will probably have to adjust file/directory permissions to your needs, but the key point is that if you set /usr/local/bin/scponly as a user's shell, that user will be able to use scp/sftp, but will be unable to log in interactively over ssh.

raj
- 10,353
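The SFTP-only restriction suggested in the comments, written out as an added sshd_config example that is not part of the original posts. The group name sftponly and the paths under /srv/sftp and /etc/ssh/authorized_keys are assumptions chosen for illustration.

```conf
# /etc/ssh/sshd_config
# Replace the existing "Subsystem sftp ..." line rather than adding a second one.
# internal-sftp runs inside sshd, so the chroot needs no binaries or libraries.
Subsystem sftp internal-sftp

# Keep Match blocks at the end of the file: they apply until the next Match or EOF.
# "sftponly" is an assumed group name; put each friend's account in it.
Match Group sftponly
    # Every path component of the chroot must be owned by root and not be
    # writable by group or others, otherwise sshd refuses the login.
    # /srv/sftp/%u is an assumed layout (%u expands to the user name).
    ChrootDirectory /srv/sftp/%u

    # Whatever the client asks for (shell, remote command), run SFTP only.
    ForceCommand internal-sftp

    # Keys only, read from a root-owned location outside the chroot
    # (assumed path), so the user cannot edit their own key file over SFTP.
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u
    PasswordAuthentication no

    # Close the remaining side channels an SSH key would otherwise allow.
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
```

Check the file with `sshd -t` before reloading the service, and keep an existing session open while testing. Friends whose scp client still speaks the legacy protocol (OpenSSH before 9.0) need to use sftp instead, since only the SFTP subsystem is permitted.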