[Gllug] Non-interactive sftp
Steve Nelson
sanelson at gmail.com
Tue Oct 11 10:22:21 UTC 2005
On 10/10/05, Tethys <sta296 at astradyne.co.uk> wrote:
>
> Steve Nelson writes:
>
> >I'm trying to allow sftp using key-based authentication so that some
> >critical files can be transferred securely via cron.
>
> Err... why? sftp is designed for interactive use.

Because I had mistakenly thought that sftp could be used without an
interactive shell.

> If you want something
> non-interactive to run from cron, use scp instead. That said, you'll
> still have the same problems. You can mitigate them by:
> 1. Running a restrictive shell. This screws people that want to use a
> graphical client like winscp, as /bin/ls won't work, so they won't
> get a file listing. If your target audience doesn't include such
> people, then it's worth considering.

Yep - I may well do this.

> 2. Running in a chrooted environment. This is a good idea for many reasons.

Indeed.

> 3. Restricting the commands that a user is allowed to run if they've
> authenticated with a given key. Again, a good idea.

This is the real discovery - I've read some more about this, and
implemented it as the solution. Thanks,

> Tet

S.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
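
Point 3 above (restricting what a given key may run) can be done with a forced command in authorized_keys. The wrapper below is an added example, not part of the original thread or anyone's actual setup; the wrapper path /usr/local/bin/scp-only, the drop directory /srv/incoming and the key material are assumptions, and it assumes the legacy scp protocol, where the sending client asks the server to run `scp -t <target>`.

```shell
#!/bin/sh
# Forced-command wrapper for a cron-only upload key (added example).
# Assumed authorized_keys entry, all on one line, key is a placeholder:
#   command="/usr/local/bin/scp-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER cron@sender
# sshd runs this script instead of whatever the client asked for and puts
# the client's request in SSH_ORIGINAL_COMMAND.

LC_ALL=C; export LC_ALL          # make the A-Z/a-z ranges below byte-exact
DROP_DIR=/srv/incoming           # assumed upload directory

# Return 0 only for "scp -t <file under DROP_DIR>"; on success the
# validated target is left in $path.
is_allowed() {
    case $1 in
        "scp -t $DROP_DIR/"*) path=${1#"scp -t "} ;;
        *) return 1 ;;           # any other program, flag or mode (e.g. scp -f)
    esac
    case $path in
        *[!A-Za-z0-9_./-]*) return 1 ;;  # spaces, quotes, ;|&$ and newlines
        *..*)               return 1 ;;  # no climbing out of DROP_DIR
        */)                 return 1 ;;  # must name a file, not a directory
    esac
    return 0
}

# Only act when sshd passed a client command. With no command (an attempted
# interactive login) the script simply ends and the session closes.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if is_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec scp -t "$path"      # run the sink side ourselves, argument quoted
    fi
    logger -t scp-only "rejected forced-command request" 2>/dev/null
    echo "scp-only: command not permitted" >&2
    exit 1
fi
```
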