Hiya,
I want to allow some trusted users to scp files into my server (to a specific user), but I do not want to give these users a home or an ssh login.
I'm having problems understanding the correct settings of users/groups I have to create to allow this to happen.
I will give an example:
Having:
1) MyUser@MyServer
2) MyUser belongs to the group MyGroup
3) MyUser's home will be, let's say, /home/MyUser
4) SFTPGuy1@OtherBox1
5) SFTPGuy2@OtherBox2
They give me their id_dsa.pub's and I add them to my authorized_keys.
I reckon then, I'd do something like this on my server:
useradd -d /home/MyUser -s /bin/false SFTPGuy1 (and the same for the other..)
And lastly, useradd -G MyGroup SFTPGuy1 (then again, for the other guy)
I'd expect then, the SFTPGuys to be able to sftp -o IdentityFile=id_dsa MyServer and to be taken to MyUser's home...
Well, this is not the case... SFTP just keeps asking me for a password.
Could someone point out what I am missing?
Thanks a mil,
f.
[EDIT: Messa in StackOverflow asked me if the authorized_keys file was readable to the other users (members of MyGroup). It's an interesting point; this was my answer:
Well, it wasn't (it was 700), but then I changed the permissions of the .ssh dir and the auth file to 750, though still no effect. Guess it's worth mentioning that my home dir (/home/MyUser) is also readable for the group; most dirs being 750 and the specific folder where they'd drop files is 770.
Nevertheless, about the auth file, I reckon the authentication would be performed by the local user on MyServer, isn't it? If so, I don't understand the need for other users to read it... well... just wondering.]