FreeBSD Manual Pages

NAME
       scponly

SYNOPSIS
       scponly -- limited shell for secure file transfers

DESCRIPTION
       scponly is an alternative "shell" (of sorts) for system administrators
       who would like to provide access to remote users to both read and
       write local files without providing any remote execution privileges.
       Functionally, it is best described as a wrapper to the trusted suite
       of ssh applications.

       A typical usage of scponly is in creating a semi-public account not
       unlike the concept of anonymous login for ftp.  This allows an
       administrator to share files in the same way an anonymous ftp setup
       would, only employing all the protection that ssh provides.  This is
       especially significant if you consider that ftp authentications
       traverse public networks in a plaintext format.

       Instead of just a single anonymous user, scponly supports configuring
       potentially many users, each of which could be set up to provide
       access to distinct directory trees.  Aside from the installation
       details, each of these users would have their default shell in
       /etc/passwd set to "/usr/local/bin/scponly" (or wherever you choose to
       install it).  This would mean users with this shell can neither log in
       interactively nor execute commands remotely.  They can, however, scp
       files in and out, governed by the usual Unixish file permissions.

FEATURES
          Logging: scponly logs time, client IP address, username, and the
           actual request to syslog.

          chroot: scponly can chroot to the user's home directory (or any
           other directory the user has permissions for), disallowing access
           to the rest of the filesystem.

          sftp compatibility: My testing of sftp against an scponly user
           worked great.  This is probably the cleanest and most usable way
           for an scponly user to access files.

          Security checks: root login is disallowed (though root should
           never be configured to be using scponly as the default shell).

          WinSCP 2.0 compatibility: scponly can be compiled in WinSCP
           compatibility mode that will permit a "semi-interactive" shell
           that WinSCP can use.

          gftp compatibility: scponly is compatible with gftp if you set "use
           ssh2 sftp subsys" in your gftp options.

       scponly doesn't do anything to manage read/write permissions.  The ssh
       applications already do that just fine.  If you use scponly, be aware
       that good old Unix-style file permissions are still doing the work of
       protecting your files.

NOTES
          As recent as June 26, 2002, vulnerabilities have been discovered in
           OpenSSH.  There is also a SSH1 protocol vulnerability.  If you're
           going to use scponly, be aware it is no more secure than the ssh
           installation it runs on.

          I've since discovered that ssh.com's commercial ssh offering
           supports BOTH "dummy users" as well as functionality paralleling
           scponly.  I have not been able to find any notes on these
           features, but I did read that they exist.  I will make a point to
           include more information later.  It appears that OpenSSH does not
           yet support these features.  At this time, I have no plans to
           end-of-life scponly, though ultimately, I recognize that scponly
           should eventually become just a feature of whichever sshd you may
           run.

FILES
       /usr/local/bin/scponly    The default location for the shell itself.
       /usr/local/sbin/scponlyc  The default location for the chrooted
                                 version of scponly.
       /etc/shells               To be a proper shell, it has to be included
                                 here.
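       The two conditions stated above and under FEATURES (the shell must be
       listed in /etc/shells, and root must never be given scponly as its
       shell) are easy to verify after the fact.  The following POSIX sh
       script is an added example for this page, not part of the scponly
       distribution: it audits a passwd-style file for accounts whose login
       shell is scponly or scponlyc and reports which of the two conditions
       each one violates.  It assumes the default install paths from FILES,
       and the passwd and shells files it runs against are constructed
       samples written to a temporary directory, so it runs without touching
       the real /etc/passwd.

```shell
#!/bin/sh
# Added example (not part of scponly): audit a passwd-style file for scponly
# accounts and check the two conditions the manual page states.
# Prints one line per scponly/scponlyc account: "<user> <shell> <status>"
# where status is OK, NOT_IN_SHELLS or ROOT_FORBIDDEN.
audit_scponly() {
    passwd_file=$1
    shells_file=$2
    # passwd(5) fields: name:passwd:uid:gid:gecos:home:shell
    while IFS=: read -r user pw uid gid gecos home shell; do
        case "$shell" in
            */scponly|*/scponlyc) ;;   # only the two scponly binaries
            *) continue ;;
        esac
        status=OK
        if [ "$uid" = 0 ] || [ "$user" = root ]; then
            # root login is refused by scponly anyway; flag the misconfiguration
            status=ROOT_FORBIDDEN
        elif ! grep -qxF "$shell" "$shells_file"; then
            # chpass(1)/sshd only treat a shell as valid if it is in /etc/shells
            status=NOT_IN_SHELLS
        fi
        printf '%s %s %s\n' "$user" "$shell" "$status"
    done < "$passwd_file"
}

# Run the audit against constructed sample files (hypothetical users).
demo_audit() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample passwd: a normal user, two scponly users and a
    # deliberately misconfigured root entry.
    cat > "$tmp/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/usr/local/bin/scponly
alice:*:1001:1001:Alice:/home/alice:/bin/sh
pub:*:1002:1002:Public drop box:/home/pub:/usr/local/bin/scponly
jail:*:1003:1003:Chrooted drop box:/home/jail:/usr/local/sbin/scponlyc
EOF
    # Constructed sample /etc/shells: only the non-chrooted binary registered.
    cat > "$tmp/shells" <<'EOF'
# List of acceptable shells for chpass(1).
/bin/sh
/bin/csh
/usr/local/bin/scponly
EOF
    audit_scponly "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

# Against the real system: audit_scponly /etc/passwd /etc/shells
demo_audit
```

       For the sample files, demo_audit reports root as ROOT_FORBIDDEN, pub as
       OK and jail as NOT_IN_SHELLS (scponlyc was installed but never added to
       /etc/shells); alice is not listed because her shell is not scponly.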

SEE ALSO
       chroot(2), ssh(1), scp(1), sftp(1), shells(5), sshd(8).

AUTHORS
       Joe Boyle <joe@sublimation.org>.

LEGALITIES
       Copyright (C) 2001, 2002, 2003 Joe Boyle <joe@sublimation.org>.

       Redistribution and use in source and binary forms, with or without
       modification, are permitted provided that the following conditions
       are met:

       1. Redistributions of source code must retain the above copyright
       notice, this list of conditions and the following disclaimer.

       2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

       THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
       IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
       DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
       INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
       SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
       HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
       STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
       IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
       POSSIBILITY OF SUCH DAMAGE.

BUGS
       Versions prior to 2.4 have a vulnerability wherein the .ssh/environment
       file can be used to override the $PATH and $LD_LIBRARY_PATH variables,
       compromising the shell.

                                 Sept 03, 2002                    scponly(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=scponly&manpath=FreeBSD+14.3-RELEASE+and+Ports>