Thanks Matt/Hugo.

scponly sounds perfect, will go have a look.

Kind regards

Kind regards

Murray Crane

On 3 September 2015 at 16:50, Mail Delivery Subsystem <mailer-daemon@googlemail.com> wrote:
Delivery to the following recipient failed permanently:

     hugo-bf@carfax.org.uk

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain carfax.org.uk by mail.carfax.org.uk. [2001:ba8:1f1:f1d9:216:3eff:fe14:aef9].

The error that the other server returned was:
550 Unrouteable address


----- Original message -----

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=qUsmRotgDrePcgGkI3DnWeS619sY44YzDcMeKhOU5v4=;
        b=J+zTvt9/Iedp7OimfHkFm/PpIQhGZzoe5DHLC/pS+a8oG7urV/0dlNyrRZZzFlAQqK
         sECRimLaeNqtpGSk98+W+cs1VkDq4ecclWGmtcZqh9QV+o0CYXtn5ijgW/9DY5We9vmi
         AQJoWjo1snV2eqTZ/6eVUN4eft3NVD2hOFcFf09oYWGRLcz1u91e/G5SbBx72Tytv0uZ
         kxKRCYWIQaEXIwpgboZZPJRZdnWh8pz2BCCrZsrEo7cHUGUFneL4cf8TWxTtkSFgtFBo
         XnYtLHyqnBgJG7Lq9MnGloDCD3Zg8d8eUs5prVbKCPgcBmcihinHrO4ln8oQ0h1WhTDQ
         uovw==
MIME-Version: 1.0
X-Received: by 10.112.170.129 with SMTP id am1mr22610658lbc.116.1441295439506;
 Thu, 03 Sep 2015 08:50:39 -0700 (PDT)
Received: by 10.112.53.4 with HTTP; Thu, 3 Sep 2015 08:50:39 -0700 (PDT)
In-Reply-To: <20150903154935.GH11358@carfax.org.uk>
References: <CAAiW_G=sCOXr3g+0KzTpkJmuZYpfDLRY4O3zovk4a0BKEWt=Jw@mail.gmail.com>
        <20150903154935.GH11358@carfax.org.uk>
Date: Thu, 3 Sep 2015 16:50:39 +0100
Message-ID: <CAAiW_GkyVwYG4WeNnrC3-ThYSnwUuDLyTOezJEO1=c3-G0a7Uw@mail.gmail.com>
Subject: Re: [bitfolk] SSH query
From: Murray Crane <murray.crane@gmail.com>
To: Hugo Mills <hugo-bf@carfax.org.uk>
Content-Type: multipart/alternative; boundary=001a11c372eab03a74051ed9bee9

Thanks Matt/Hugo.

scponly sounds perfect, will go have a look.

Kind regards

Murray Crane

On 3 September 2015 at 16:49, Hugo Mills <hugo-bf@carfax.org.uk> wrote:

> On Thu, Sep 03, 2015 at 04:42:27PM +0100, Murray Crane wrote:
> > Hi all,
> >
> > Hoping to crowdsource your knowledge.
> >
> > In Ubuntu/Debian, is it possible to set up the www-data user with SSH
> > access (for development purposes; read/write to the web server document
> > root) but not "shell access" otherwise?
> >
> > The SSH will be pub-key only, but I already know how to do such things
> (to
> > avoid obvious "do it key only" suggestions).
> > Kind regards
>
>    There's a project called scponly that you can use to set this
> up. You set it as the login shell for the account, and it implements
> the absolute minimum that a shell needs to do to support scp, without
> giving any kind of interactive access.
>
>    Hugo.
>
> > Murray Crane
>
> > _______________________________________________
> > users mailing list
> > users@lists.bitfolk.com
> > https://lists.bitfolk.com/mailman/listinfo/users
>
>
> --
> Hugo Mills             | I spent most of my money on drink, women and fast
> hugo@... carfax.org.uk | cars. The rest I wasted.
> http://carfax.org.uk/  |
> PGP: E2AB1DE4          |                                            James
> Hunt
>