Install and setup rssh and scponly
With use of OpenSSH, rssh is a restricted shell, scp and sftp are only allow. It also includes rdist, rsync and cvs support. Rssh is also known to work for a list of platform. Scponly is an alternative shell. The system administrators provide access with read and write local files without providing remote execution privilege to the remote user. A common usage of scponly is creating semi-public account. It is best described as a wrapper to the tried and true ssh suite of applications.
We can use yum or apt-get to install rssh and scponly in servers.
# apt-get install rssh
# apt-get install scponly
# yum install rssh
# yum install scponly
If there are any problems occurs to install rssh, then you should download sources and do the following steps.
Here are the links:
latest rssh .tar.gz
latest scponly .tgz.
scponly does not need any configuration and works out of the box so you just should set it as a shell for user account.
Create new user account with scponly.
# useradd -s /usr/sbin/scponly user
To modify user account to set rssh as a shell
# usermod -s /usr/sbin/rssh user2
Restrict all users to scp and rsync only then you should uncomment lines in rssh.conf.
The user1 is enabled only scp and rsync using rssh. To access the server via SSH under user1 account will end with the following output.
This account is restricted by rssh.
Allowed commands: scp rsync
If you believe this is in error, please contact your system administrator.
Connection to IP closed.
But in the same time scp transfers will work without any problem
scp -P 23451 /etc/test.file user1@IP:/tmp
test.file 100% 983 1.0KB/s 00:00
If you need any further assistance please reach our support department.