gpg: Signature made Fri Sep 4 11:25:28 2015 UTC
gpg: using RSA key E99E8EEE1986B8E1
gpg: Can't check signature: No public key
On 03/09/2015 16:49, Hugo Mills wrote:
> On Thu, Sep 03, 2015 at 04:42:27PM +0100, Murray Crane wrote:
>> Hi all,
>>
>> Hoping to crowdsource your knowledge.
>>
>> In Ubuntu/Debian, is it possible to set up the www-data user with SSH
>> access (for development purposes; read/write to the web server document
>> root) but not "shell access" otherwise?
>>
>> The SSH will be pub-key only, but I already know how to do such things (to
>> avoid obvious "do it key only" suggestions).
>> Kind regards
> There's a project called scponly that you can use to set this
> up. You set it as the login shell for the account, and it implements
> the absolute minimum that a shell needs to do to support scp, without
> giving any kind of interactive access.
>
> Hugo.
Another option would be to allow only SFTP, rather than SCP, which (if
the installed OpenSSH version supports it), wouldn't require any
additional software. Most clients that support SCP also support SFTP
https://serverfault.com/questions/354615/allow-sftp-but-disallow-ssh
Misha
--
Misha Gale
PGP Public Key: 0x6F109D93
http://mishagale.co.uk/pubkey.asc
