I'm running Debian stable and I'm looking to establish the following environment for users in my 'sftponly' group:
- jailed
- can transfer with SFTP
- can transfer with SCP
- cannot login interactively with SSH
From my experimentation and research, it seems that the following stanza in sshd_config gets me 90% there:
Match group sftponly
ChrootDirectory /sftp/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
This gives me jailed SFTP and no SSH, which is good. But it also disables SCP, which is less than ideal because quite a few clients are legacy, scripted processes that use SCP rather than SFTP (the server we're replacing supported both protocols), and since those clients are not under our control and easily modified, it's likely not practical to disable SCP altogether.
It makes sense that this configuration would disable SCP, as incoming SCP connections cause sshd to spawn an `scp' process via the user's login shell, as that user. It seems that the same would normally be true of SFTP, were it not for the special 'internal-sftp' handler.
So, I suppose my question is: is there a way to achieve the same effect as 'internal-sftp' but for SCP, without resorting to the use of third-party tools like scponly and rssh? The really nice thing about 'internal-sftp' is that it doesn't require setting up a jail with support files, or dealing with potentially-exploitable third party setuid binaries (rssh, in particular, has a history of exploits).
Best Answer
Take a look at rssh which is an alternative shell that allows limited access to a system.
You can configure which commands can be used on a per-user or system wide basis using the rssh.conf file
Alternatively you can use scponly to do what you want. It acts as a wrapper to the ssh suite and allows file transfer but not shell access.