Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
scponly(8)		  BSD System Manager's Manual		    scponly(8)

NAME
     scponly

SYNOPSIS
     scponly --	limited	shell for secure file transfers

DESCRIPTION
     scponly is	an alternative "shell" (of sorts) for system administrators
     who would like to provide access to remote	users to both read and write
     local files without providing any remote execution	privileges.  Function-
     ally, it is best described	as a wrapper to	the trusted suite of ssh ap-
     plications.

     A typical usage of	scponly	is in creating a semi-public account not un-
     like the concept of anonymous login for ftp.  This	allows an administra-
     tor to share files	in the same way	an anonymous ftp setup would, only em-
     ploying all the protection	that ssh provides.  This is especially signif-
     icant if you consider that	ftp authentications traverse public networks
     in	a plaintext format.

     Instead of	just a single anonymous	user, scponly supports configuring po-
     tentially many users, each	of which could be set up to provide access to
     distinct directory	trees.	Aside from the installation details, each of
     these users would have their default shell	in /etc/passwd set to
     "/usr/local/bin/scponly" (or wherever you choose to install it).  This
     would mean	users with this	shell can neither login	interactively or exe-
     cute commands remotely.  They can however,	scp files in and out, governed
     by	the usual Unixish file permissions.

FEATURES
     +o	 Logging: scponly logs time, client IP address,	username, and the ac-
	 tual request to syslog.

     +o	 chroot: scponly can chroot to the user's home directory (or any other
	 directory the user has	permissions for), disallowing access to	the
	 rest of the filesystem.

     +o	 sftp compatibility:  My testing of sftp against an scponly user
	 worked	great.	This is	probably the cleanest and most usable way for
	 an scponly user to access files.

     +o	 Security checks:  root	login is disallowed (though root should	never
	 be configured to be using scponly as the default shell.)

     +o	 WinSCP	2.0 compatibility: scponly can be compiled in WinSCP compati-
	 bility	mode that will permit a	"semi-interactive" shell that WinSCP
	 can use.

     +o	 gftp compatibility: scponly is	compatible with	gftp if	you set	"use
	 ssh2 sftp subsys" in your gftp	options.

     scponly doesn't do	anything to manage read/write permissions.  The	ssh
     applications already do that just fine.  If you use scponly, be aware
     that good old Unix-style file permissions are still doing the work	of
     protecting	your files.

NOTES
     +o	 As recent as June 26, 2002, vulnerabilities have been discovered in
	 OpenSSH.  There is also a SSH1	protocol vulnerability.	 If you're go-
	 ing to	use scponly , be aware it is no	more secure than the ssh in-
	 stallation it runs on.

     +o	 I've since discovered that ssh.com's commercial ssh offering supports
	 BOTH "dummy users" as well as functionality paralleling scponly.  I
	 have not been able to find any	notes on these features, but I did
	 read that they	exist.	I will make a point to include more informa-
	 tion later.  It appears that OpenSSH does not yet support these fea-
	 tures.	 At this time, I have no plans to end-of-life scponly, though
	 ultimately, I recognize that scponly should eventually	become just a
	 feature of whichever sshd you may run.

FILES
     /usr/local/bin/scponly	       The default location for	the shell it-
				       self.
     /usr/local/sbin/scponlyc	       The default location for	the chrooted
				       version of scponly
     /etc/shells		       To be a proper shell, it	has to be in-
				       cluded here.

SEE ALSO
     chroot(2),	ssh(1),	scp(1),	sftp(1), shells(5), sshd(8).

AUTHORS
     Joe Boyle <joe@sublimation.org>.

LEGALITIES
     Copyright (C) 2001, 2002, 2003 Joe	Boyle <joe@sublimation.org>.

     Redistribution and	use in source and binary forms,	with or	without	modi-
     fication, are permitted provided that the following conditions are	met:

     1.	Redistributions	of source code must retain the above copyright notice,
     this list of conditions and the following disclaimer.

     2.	Redistributions	in binary form must reproduce the above	copyright no-
     tice, this	list of	conditions and the following disclaimer	in the docu-
     mentation and/or other materials provided with the	distribution.

     THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IM-
     PLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     OF	MERCHANTABILITY	AND FITNESS FOR	A PARTICULAR PURPOSE ARE DISCLAIMED.
     IN	NO EVENT SHALL THE AUTHOR BE LIABLE FOR	ANY DIRECT, INDIRECT, INCIDEN-
     TAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     LIMITED TO, PROCUREMENT OF	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED	AND ON ANY
     THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (IN-
     CLUDING NEGLIGENCE	OR OTHERWISE) ARISING IN ANY WAY OUT OF	THE USE	OF
     THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

BUGS
     Versions prior to 2.4 have	a vulnerability	wherein	the .ssh/environment
     file can be used to override $PATH	and $LD_LIBRARY_PATH vars, compromis-
     ing the shell.

				 Sept 03, 2002

NAME | SYNOPSIS | DESCRIPTION | FEATURES | NOTES | FILES | SEE ALSO | AUTHORS | LEGALITIES | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=scponly&manpath=FreeBSD+9.0-RELEASE+and+Ports>

home | help