ssh many users to one home
Posted
by filippo
on Server Fault
See other posts from Server Fault
or by filippo
Published on 2010-06-04T08:31:30Z
Indexed on
2010/06/05
6:03 UTC
Read the original article
Hit count: 273
Hiya,
I want to allow some trusted users to scp files into my server (to an specific user), but I do not want to give these users a home, neither ssh login.
I'm having problems to understand the correct settings of users/groups I have to create to allow this to happen.
I will put an example;
Having:
MyUser@MyServer
MyUser
belongs to the groupMyGroup
- MyUser's home will be lets say,
/home/MyUser
SFTPGuy1@OtherBox1
SFTPGuy2@OtherBox2
They give me their id_dsa.pub
's and I add it to my authorized_keys
I reckon then, I'd do in my server something like
useradd -d /home/MyUser -s /bin/false SFTPGuy1
(and the same for the other..)
And for the last, useradd -G MyGroup SFTPGuy1
(then again, for the other guy)
I'd expect then, the SFTPGuys to be able to sftp -o IdentityFile=id_dsa MyServer
and to be taken to MyUser's home...
Well, this is not the case... SFTP just keeps asking me for a password.
Could someone point out what am I missing?
Thanks a mil,
f.
[EDIT: Messa in StackOverflow asked me if authorized_keys file was readable to the other users (members of MyGroup). Its an interesting point, this was my answer:
Well, it wasn't (it was 700), but then I changed the permissions of the .ssh dir and the auth file to 750 though still no effect. Guess it's worth mentioning that my home dir ( /home/MyUser
) is also readable for the group; most dirs being 750 and the specific folder where they'd drop files is 770.
Nevertheless, about the auth file, I reckon the authentication would be performed by the local user on MyServer
, isn't it? if so, I don't understand the need for other users to read it... well.. just wondering. ]
© Server Fault or respective owner