Linux secure file sharing without ssh login access

linuxnetwork-share

I'm looking for a way to make a directory on a linux system available for reading to other linux and windows clients. The share must require some authentication from the client and the passwords and files must be sent encrypted.

The clients should only be able to access the shared directory by some protocol, but NOT be able to log in via ssh. If I'm not mistaken that rules out sftp, scp and samba.

Is there a way to achieve this by some other file sharing technique or settings or do I need to have a linux user that can also do ssh login?

If I need a user who can ssh, I have found

https://askubuntu.com/questions/93411/simple-easy-way-to-jail-users

but would prefer not to have the user at all, or block it from logging in.

Best Answer

Using WebDAV protocol is probably the best option for this requirement. You can setup Apache httpd to act as an WebDAV server. WebDAV is a good solution for this requirement because Apache server is flexible when it comes to authentication and WebDAV does not need any special ports opened.

You can consult this tutorial for instructions how to setup Apache as an WebDAV server.

Related Solutions

Linux – Creating multiple SFTP users for one account

Our solution is to create a main user account for each customer, such as flowershop. Each customer can create an arbitrary number of side accounts with their own passwords, such as flowershop_developer, flowershop_tester, flowershop_dba, etc. This allows them to hand out accounts without sharing their main account password, which is better for a whole bunch of reasons (for example, if they need to remove their DBA's account, they can easily do that without changing their own passwords).

Each one of these accounts is in the flowershop group, with a home folder of /home/flowershop/. SSH uses this as the chroot directory (/home/%u, as shown in the configuration in the question).

We then use ACLs to enable every user in group flowershop to modify all files. When a new customer account is created, we set the ACLs as follows:

setfacl -Rm \
d:group:admin:rwx,d:user:www-data:r-x,d:user:$USERNAME:rwx,d:group:$USERNAME:rwx,\
  group:admin:rwx,  user:www-data:r-x,  user:$USERNAME:rwx,  group:$USERNAME:rwx \
/home/$USERNAME/

This does the following:

Gives group admin (for us, the hosting providers) rwx
Gives user www-data (Apache) r-x to the files*
Gives user $USERNAME rwx to the files
Gives group $USERNAME rwx to the files

This setup appears to be working well for us, but we are open to any suggestions for doing it better.

_{* we use suexec for CGI/PHP running as the customer account}

Linux – Secure file transfer in linux without SSH

The good old File Transfer Protocol (FTP) was invented for transferring files. To use it in a secure way, you can use ftps (which is not sftp, but ftp over ssl) or set up a vpn connection for security.

When I search for vsftpd+ssl, this is the first result which seems like a reasonable starting point.

Best Answer

Related Solutions

Linux – Creating multiple SFTP users for one account

Linux – Secure file transfer in linux without SSH

Related Topic