Hiya,

I want to allow some trusted users to scp files into my server (to a specific user), but I do not want to give these users a home or ssh login.

I'm having trouble understanding the correct settings of users/groups I have to create to allow this to happen.

I will give an example:

Having:

  1. MyUser@MyServer
  2. MyUser belongs to the group MyGroup
  3. MyUser's home will be, let's say, /home/MyUser
  4. SFTPGuy1@OtherBox1
  5. SFTPGuy2@OtherBox2

They give me their id_dsa.pub's and I add them to my authorized_keys.

I reckon then, I'd do in my server something like

`useradd -d /home/MyUser -s /bin/false SFTPGuy1` (and the same for the other..)

And lastly, `useradd -G MyGroup SFTPGuy1` (then again, for the other guy)

I'd expect then, the SFTPGuys to be able to `sftp -o IdentityFile=id_dsa MyServer` and to be taken to MyUser's home...

Well, this is not the case... SFTP just keeps asking me for a password.

Could someone point out what I am missing?

Thanks a mil,

f.

EDIT: Just became aware of ServerFault and re-opened there.

A: 

Is authorized_keys readable for them (for the group MyGroup)?

Messa
Well, it wasn't (it was 700), but then I changed the permissions of the .ssh dir and the auth file to 750, though still no effect. Guess it's worth mentioning that my home dir (`/home/MyUser`) is also readable for the group; most dirs being 750 and the specific folder where they'd drop files is 770. Nevertheless, about the auth file, I reckon the authentication would be performed by the local user on `MyServer`, isn't it? If so, I don't understand the need for other users to read it... well.. just wondering.
flpgdt
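
A check relevant to the permissions discussed in this thread, as an added example that is not part of the original posts: a simplified Python approximation of the ownership and mode test OpenSSH applies to the key file path when `StrictModes` is enabled. It assumes sshd uses the default `AuthorizedKeysFile` of `.ssh/authorized_keys` under the home directory of the account being logged in to; the function names are hypothetical.

```python
import os
import stat

def component_problem(st_uid, st_mode, login_uid):
    """Return a reason string if one path component fails the check, else None."""
    # The component must belong to the account being authenticated, or to root.
    if st_uid not in (0, login_uid):
        return f"owned by uid {st_uid}, not by login uid {login_uid} or root"
    # Group or world write permission lets someone else swap the keys.
    if st_mode & 0o022:
        return f"mode {stat.S_IMODE(st_mode):o} is group/world-writable"
    return None

def audit_key_path(home, login_uid, rel=".ssh/authorized_keys"):
    """Check the key file and every directory from it up to `home`."""
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, rel))
    problems = []
    while True:
        try:
            st = os.stat(path)
        except OSError as exc:
            problems.append((path, f"cannot stat: {exc.strerror}"))
        else:
            reason = component_problem(st.st_uid, st.st_mode, login_uid)
            if reason:
                problems.append((path, reason))
        # Stop at the home directory (or at / if the file resolves outside it).
        if path == home or path == os.path.dirname(path):
            break
        path = os.path.dirname(path)
    return problems

if __name__ == "__main__":
    import pwd
    import sys
    # Argument: the account sshd authenticates, e.g. SFTPGuy1 (not the file owner).
    entry = pwd.getpwnam(sys.argv[1])
    for p, why in audit_key_path(entry.pw_dir, entry.pw_uid):
        print(f"{p}: {why}")
```

Run it with the name of the account the client logs in as; an empty result means the path passes this approximation of the check.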