ssh many users to one home

Posted by filippo on Server Fault See other posts from Server Fault or by filippo
Published on 2010-06-04T08:31:30Z Indexed on 2010/06/05 6:03 UTC
Read the original article Hit count: 273

Filed under:
|
|

Hiya,

I want to allow some trusted users to scp files into my server (to an specific user), but I do not want to give these users a home, neither ssh login.

I'm having problems to understand the correct settings of users/groups I have to create to allow this to happen.

I will put an example;

Having:

  1. MyUser@MyServer
  2. MyUser belongs to the group MyGroup
  3. MyUser's home will be lets say, /home/MyUser
  4. SFTPGuy1@OtherBox1
  5. SFTPGuy2@OtherBox2

They give me their id_dsa.pub's and I add it to my authorized_keys

I reckon then, I'd do in my server something like

useradd -d /home/MyUser -s /bin/false SFTPGuy1 (and the same for the other..)

And for the last, useradd -G MyGroup SFTPGuy1 (then again, for the other guy)

I'd expect then, the SFTPGuys to be able to sftp -o IdentityFile=id_dsa MyServer and to be taken to MyUser's home...

Well, this is not the case... SFTP just keeps asking me for a password.

Could someone point out what am I missing?

Thanks a mil,

f.

[EDIT: Messa in StackOverflow asked me if authorized_keys file was readable to the other users (members of MyGroup). Its an interesting point, this was my answer:

Well, it wasn't (it was 700), but then I changed the permissions of the .ssh dir and the auth file to 750 though still no effect. Guess it's worth mentioning that my home dir ( /home/MyUser) is also readable for the group; most dirs being 750 and the specific folder where they'd drop files is 770.

Nevertheless, about the auth file, I reckon the authentication would be performed by the local user on MyServer, isn't it? if so, I don't understand the need for other users to read it... well.. just wondering. ]

© Server Fault or respective owner

Related posts about ssh

Related posts about sftp