Serve files via scp or sftp, without giving full shell access to users

The scp and sftp commands, as part of the OpenSSH suite, are great secure ways to transfer files around … they generally make a great secure alternative to FTP. However, I’d often wondered if there was a way of allowing file transfer with scp or sftp without giving users a full SSH-accessible shell account on my machine. Who knows what they may run 😛

Ubuntu Geek has the answer, with this quick writeup on how to install and configure scponly.

scponly runs in a chrooted environment (under /home/scponly by default), which in theory should stop users fiddling with your machine via ssh, but will still give them read/write access to the incoming directory within the chrooted directory tree.

I probably wouldn’t trust it for unrestricted public access (since I’m just paranoid about things like this, unless it’s a really well known tool on a properly secured server), but it certainly would be useful for friends, family, colleagues and collaborators.
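
A check for the setup described above, as an added example that is not part of the original post or the Ubuntu Geek writeup: it reads passwd-format entries and reports accounts meant to be transfer-only that still have a full shell or use the non-chrooted scponly binary. The binary paths `/usr/bin/scponly` and `/usr/sbin/scponlyc` are assumed from Debian/Ubuntu packaging, and the sample entries are constructed.

```python
# Added example: audit passwd entries for transfer-only accounts.
# Assumed binary paths (Debian/Ubuntu packaging); adjust for your system.
SCPONLY = "/usr/bin/scponly"      # restricted shell, no chroot
SCPONLYC = "/usr/sbin/scponlyc"   # restricted shell that chroots first
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample in /etc/passwd format; not from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
scponly:x:1001:1001::/home/scponly:/usr/sbin/scponlyc
alice:x:1002:1002::/home/alice:/usr/bin/scponly
bob:x:1003:1003::/home/bob:/bin/bash
broken line without enough fields
"""

def classify(line):
    """Return (user, status) for one passwd line, or None if unparsable."""
    fields = line.strip().split(":")
    if len(fields) != 7 or not fields[0]:
        return None
    user, shell = fields[0], fields[6]
    if shell == SCPONLYC:
        return user, "transfer-only, chrooted"
    if shell == SCPONLY:
        return user, "transfer-only, NOT chrooted"
    if shell in NOLOGIN:
        return user, "no login"
    return user, "full shell"  # an empty shell field also means a login shell

def audit(passwd_text, transfer_users):
    """List (user, status) findings for accounts meant to be transfer-only."""
    status = dict(filter(None, map(classify, passwd_text.splitlines())))
    findings = []
    for user in transfer_users:
        state = status.get(user, "missing")
        if state != "transfer-only, chrooted":
            findings.append((user, state))
    return findings

if __name__ == "__main__":
    # Replace SAMPLE_PASSWD with open("/etc/passwd").read() on a real host.
    for user, state in audit(SAMPLE_PASSWD, ["scponly", "alice", "bob", "carol"]):
        print(f"{user}: {state}")
```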
