
ssh many users to one home

Status
Not open for further replies.

flpgdt

Technical User
Dec 15, 2009
6
ES
Hiya,

I want to allow some trusted users to scp files into my server (to a specific user), but I do not want to give these users a home, nor ssh login.

I'm having problems understanding the correct settings of users/groups I have to create to allow this to happen.

I will put an example;

Having:

1)MyUser@MyServer
2)MyUser belongs to the group MyGroup
3)MyUser's home will be, let's say, /home/MyUser
4)SFTPGuy1@OtherBox1
5)SFTPGuy2@OtherBox2

They give me their id_dsa.pub's and I add them to my authorized_keys

I reckon then, I'd do in my server something like

useradd -d /home/MyUser -s /bin/false SFTPGuy1 (and the same for the other..)

And for the last, useradd -G MyGroup SFTPGuy1 (then again, for the other guy)

I'd expect then, the SFTPGuys to be able to sftp -o IdentityFile=id_dsa MyServer and to be taken to MyUser's home...

Well, this is not the case... SFTP just keeps asking me for a password.

Could someone point out what I am missing?

Thanks a mil,

f.

[EDIT: Messa in StackOverflow asked me if the authorized_keys file was readable to the other users (members of MyGroup). It's an interesting point; this was my answer:

Well, it wasn't (it was 700), but then I changed the permissions of the .ssh dir and the auth file to 750 though still no effect. Guess it's worth mentioning that my home dir ( /home/MyUser) is also readable for the group; most dirs being 750 and the specific folder where they'd drop files is 770.

Nevertheless, about the auth file, I reckon the authentication would be performed by the local user on MyServer, isn't it? If so, I don't understand the need for other users to read it... well.. just wondering. ]
 
Here is how my permissions are set up. I am not doing sftp but ssh commands between servers without a password.

Machine the commands are being run on.

drwx------ 2 root system 512 May 05 10:05 /.ssh
-rw-r--r-- 1 root system 599 Jul 09 2009 authorized_keys2

Machine I am initiating the ssh commands from.

drwx------ 2 root system 512 Jan 09 2006 /.ssh
-rw------- 1 root system 668 Nov 25 2002 id_dsa
-rw-r--r-- 1 root system 599 Nov 25 2002 id_dsa.pub

I hope this helps.
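The permission questions raised in this thread can be checked mechanically. The following is an added example, not code from either poster: it approximates the ownership and mode test that sshd applies to the home directory, .ssh and authorized_keys when StrictModes is enabled, where each must be owned by the account being logged into (or root) and must not be group- or world-writable. The function names and the sample layout are constructed for illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(home, uid):
    """List reasons sshd (StrictModes yes) would ignore authorized_keys
    for the account with this uid whose home directory is `home`."""
    problems = []
    for path in (home, os.path.join(home, ".ssh"),
                 os.path.join(home, ".ssh", "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        # Owner must be the login account itself or root.
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owned by uid {st.st_uid}, not {uid} or root")
        # Any group or world write bit disqualifies the path.
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group/world writable")
    return problems

def build_sample_home(root, home_mode, ssh_mode, key_mode):
    """Constructed sample layout standing in for /home/MyUser."""
    home = os.path.join(root, "MyUser")
    os.makedirs(os.path.join(home, ".ssh"))
    key = os.path.join(home, ".ssh", "authorized_keys")
    with open(key, "w") as f:
        f.write("ssh-dss AAAA...constructed-placeholder SFTPGuy1@OtherBox1\n")
    os.chmod(key, key_mode)
    os.chmod(os.path.join(home, ".ssh"), ssh_mode)
    os.chmod(home, home_mode)
    return home

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # Group-writable home, 750 on .ssh and the key file.
        home = build_sample_home(root, 0o770, 0o750, 0o750)
        me = os.getuid()
        print("as owner:", strictmodes_problems(home, me))
        # A second account sharing the same home (uid is hypothetical).
        print("as other account:", strictmodes_problems(home, me + 1))
```

Run against a real home directory, pass the uid of the account that the sftp client logs in as, since that is the account whose ownership sshd compares against.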
 