I want to offer encrypted ftp transfers to my server for some users.
The user should be able to use (win)scp to transfer files to my server.

However it is often said that granting SSH access is a security risk for telnet.

Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?

Do I need full SSH permissions to use scp?

Peter

On Sun, 10 Dec 2006 21:43:55 +0000, Peter Meister wrote:

> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.
>
> However it is often said that granting SSH access is a security risk for telnet.
>
> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?
>
> Do I need full SSH permissions to use scp?
>
> Peter

SSH is not Telnet, all communication is encrypted. However if what you are
worried about are users logging into the system using SSH I'm not sure if
there is any way to prevent this if you've given them ssh access.

I have an ssh server for distributing code to my customers. What I did is
the following,

I dedicated an old machine (500 MHz PIII) to the task. I did a fairly
minimal install of Fedora Core to it, basically enough to run ssh and no
other servers.

I create an account for each user and I have them send me their
id_rsa.pub public key which I put in an authorized_keys file. I don't
allow password access, the only way in is via RSA authentication.

All of the users accounts have 700 access privileges so that no user can
see anything that's in another user's account.

The public key for my ssh server is not in the authorized keys files for
any other machine on my LAN, that way you can't ssh from the server to
another machine (I don't run any legacy services on my machines so ssh is
the only way to log into them).

I can ssh into my ssh server from my other machines so I can copy things
to and from my account on the server so when I do a release I copy the
release tar.gz files to my account on the ssh server. I then su to root
and copy the files to the appropriate user accounts, I then do a chmod -R
700 so that everything in /home is private.

There is probably a better way to do this, but this works for me and I'm
confident that it's secure.

Peter Meister wrote:
> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.
>
> However it is often said that granting SSH access is a security risk for telnet.
>
> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?
>
> Do I need full SSH permissions to use scp?
>
> Peter

Umm. . . SSH is NOT Telnet, those are two very different things. SSH
is SSH, and telnet is telnet.

You need a better understanding of the SSH service.

["Followup-To:" header set to comp.os.linux.misc.]
Peter Meister <pmeister2@lycos.com>:
> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.
>
> However it is often said that granting SSH access is a security risk for telnet.

What does that mean?

The goal has been to eliminate the usage of insecure applications
(telnet, ftp, remote shell) which transmit passwords in cleartext.
ssh, scp, sftp do that. Why button down ftp when you want to leave
the telnet door open?

> Do I need full SSH permissions to use scp?

Where is this stuff that says giving ssh access is dangerous?


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
Spammers! http://www.spots.ab.ca/~keeling/emails.html

General Schvantzkoph <schvantzkoph@yahoo.com> writes:

>On Sun, 10 Dec 2006 21:43:55 +0000, Peter Meister wrote:

>> I want to offer encrypted ftp transfers to my server for some users.
>> The user should be able to use (win)scp to transfer files to my server.
>>
>> However it is often said that granting SSH access is a security risk for telnet.
>>
>> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
>> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?
>>
>> Do I need full SSH permissions to use scp?

No idea what you are talking about. ssh and telnet have nothing to do with
each other. ssh is a completely different protocol from telnet, and does
nto use telnet in any way, and vice versa.


>SSH is not Telnet, all communication is encrypted. However if what you are
>worried about are users logging into the system using SSH I'm not sure if
>there is any way to prevent this if you've given them ssh access.

scp IS ssh. It is using ssh to copy a file from one system to the next.
scp is NOT ftp. There is a thing called sftp which uses the ftp protocol
with ssh.




>I have an ssh server for distributing code to my customers. What I did is
>the following,

>I dedicated an old machine (500 MHz PIII) to the task. I did a fairly
>minimal install of Fedora Core to it, basically enough to run ssh and no
>other servers.

>I create an account for each user and I have them send me their
>id_rsa.pub public key which I put in an authorized_keys file. I don't
>allow password access, the only way in is via RSA authentication.

>All of the users accounts have 700 access privileges so that no user can
>see anything that's in another user's account.

>The public key for my ssh server is not in the authorized keys files for
>any other machine on my LAN, that way you can't ssh from the server to
>another machine (I don't run any legacy services on my machines so ssh is
>the only way to log into them).

>I can ssh into my ssh server from my other machines so I can copy things
>to and from my account on the server so when I do a release I copy the
>release tar.gz files to my account on the ssh server. I then su to root
>and copy the files to the appropriate user accounts, I then do a chmod -R
>700 so that everything in /home is private.

>There is probably a better way to do this, but this works for me and I'm
>confident that it's secure.

Sounds fine.

pmeister2@lycos.com (Peter Meister) (06-12-10 21:43:55):

> However it is often said that granting SSH access is a security risk
> for telnet.

The opposite way. Using Telnet completely eliminates the security
advantage gained from SSH.


> Hmm, I am not sure. I thought I could grant SSH to a user for only his
> ftp connections. Or does SSH mean: all or nothing: SSH for FTP AND
> telnet or no SSH at all?

You are free to use anything you want. However, using insecure
clear-text protocols like Telnet will make the encryption worthless.


> Do I need full SSH permissions to use scp?

Yes.


Regards,
E.S.

Peter Meister wrote:
> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.

You mean SCP or SFTP? To quote wikipedia:

"A common misconception is that SFTP is simply FTP run over SSH; in fact
it is a new protocol designed from the ground up by the IETF SECSH
working group."

> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?

If you want to use scp than you're probably out of luck. OTOH, SFTP uses
SSH only for authentication, so you can set the user to have /dev/null
as login shell and they cannot login into machine at all. Well, this is
all AFAIU, I haven't tried it myself yet.


--
Milan Babuskov
http://njam.sourceforge.net
http://swoes.blogspot.com

Milan Babuskov <mbabuskov@yahoo.com> wrote:
> If you want to use scp than you're probably out of luck. OTOH, SFTP uses
> SSH only for authentication, so you can set the user to have /dev/null
> as login shell and they cannot login into machine at all. Well, this is
> all AFAIU, I haven't tried it myself yet.

That doesn't quite work, but what /does/ work is to set the sftp
application as the login shell.

You would probably want to have a chroot environment as well, but that's
quite a bit harder. (Last time I looked, it required a patch to the source
and a recompile/reinstall. It's a FAQ on the OpenSSH website, I think.)

Chris

On 2006-12-10, Peter Meister <pmeister2@lycos.com> wrote:

> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.
>
> However it is often said that granting SSH access is a security risk
> for telnet.
>
> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?
>
> Do I need full SSH permissions to use scp?

scp and sftp are simply different front-ends to ssh. scp gives ssh a cp
(*nix "copy") work-alike interface, while sftp gives ssh an ftp-like
interface. It is still just ssh behind the scenes doing the actual work
of transferring the files. If ssh, scp, and sftp are invoked by
different executables (as they are under Cygwin, for example), you could
simply delete or modify the permissions on the ssh.exe executable to
deny regular ssh access. WinSCP3 rolls all three functions into single
executable, though.

--

John (john@os2.dhs.org)

Peter Meister wrote:
> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.
>
> However it is often said that granting SSH access is a security risk for telnet.

telnet is a particular program that allows a remote user to spawn an
interactive shell. SSH is a suite of programs that allows a remote user
to (among other things) spawn an interactive shell. Other than those
similar purposes, the two programs are not related.

Any time a remote user accesses a shell is a security risk for the
systems administrator. For the most part, SSH limits the risk to the
remote user, not to the systems administrator (ie, it keeps *his*
privacy but doesn't for the most part address any of *your* security
concerns other than if he is doing something like su'ing and using the
root password).

>
> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?
>
> Do I need full SSH permissions to use scp?

You don't have to grant any account on your system the right to have a
shell; let alone remote accounts. One popular solution is to use a
restricted shell like rssh; another good idea is to place the sftp
server in a chroot'ed environment (particularly since you'll be allowing
uploads).

In short, you don't *need* to let users have access to a (meaningful)
shell just to let them use scp, *but* you will have to do some
configuration to make that happen since out of the box sshd's tend to
assume you want an interactive shell.

On a final note, unless there is something very sensitive about the
information they are uploading, this is a solution in search of a
problem. SSH doesn't add some kind of check against user maliciousness
or error. All it does is prevent eavesdropping or alteration of the
information transmitted. If your security concern is from the users
themselves, SSH doesn't at all and you need to look at system
authorizations and permissions instead.

Weldon

You are thinking in the wrong context.....

Just run a sftp server, and it will allow secure ftp connections useing
ssl. you don't need to allow anyone telnet access, disable it
altogether, or don't give people a shell to log in with.


On Sun, 10 Dec 2006 21:43:55 +0000, Peter Meister wrote:

> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.
>
> However it is often said that granting SSH access is a security risk for telnet.
>
> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?
>
> Do I need full SSH permissions to use scp?
>
> Peter

Now that everyone has clearly stated the difference between ssh and telnet, I
think the question could have been; is there a way to enable a secure way to
transfer files (sftp or scp) without giving users a remote command-line shell,
using the openssh package.

Trying to set the users login shell to /bin/false or /dev/null doesn't work
either, as the user is not allowed into scp. Maybe a script that interacts with
the openssh system calls would do the trick.

I think the openssh devs should address this in their next release. Maybe make
the sshd_config file add two more directives like:
DenyShell user1, user2, user3...
DenyScp user4, user5, user6...
To allow more fine grained access control. Would this be technically hard to
program? It seems like every once in a while this feature request pops up.

Peter Meister wrote:
> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.
>
> However it is often said that granting SSH access is a security risk for telnet.
>
> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?
>
> Do I need full SSH permissions to use scp?
>
> Peter
>

>>>>> "David" == ~David~ <shadoweyez@gmail.com> writes:

David> Now that everyone has clearly stated the difference between ssh
David> and telnet, I think the question could have been; is there a
David> way to enable a secure way to transfer files (sftp or scp)
David> without giving users a remote command-line shell, using the
David> openssh package.

David> Trying to set the users login shell to /bin/false or /dev/null
David> doesn't work either, as the user is not allowed into scp.
David> Maybe a script that interacts with the openssh system calls
David> would do the trick.

David> I think the openssh devs should address this in their next
David> release. Maybe make the sshd_config file add two more
David> directives like: DenyShell user1, user2, user3... DenyScp
David> user4, user5, user6... To allow more fine grained access
David> control. Would this be technically hard to program? It seems
David> like every once in a while this feature request pops up.

It would be easy: all you want to do is allow subsystem requests, but not
shell or exec requests (this would allow sftp but not scp, which operates
over an exec channel and hence is more problematic). Some SSH products
already allow this kind of control, such as VanDyke's SSH server. And I
seem to recall reading somewhere recently that it is on the roadmap for
OpenSSH.

David> Peter Meister wrote:
>> I want to offer encrypted ftp transfers to my server for some
>> users. The user should be able to use (win)scp to transfer files
>> to my server.
>>
>> However it is often said that granting SSH access is a security
>> risk for telnet.
>>
>> Hmm, I am not sure. I thought I could grant SSH to a user for only
>> his ftp connections. Or does SSH mean: all or nothing: SSH for FTP
>> AND telnet or no SSH at all?
>>
>> Do I need full SSH permissions to use scp?
>>
>> Peter
>>

--
Richard Silverman
res@qoxp.net

In article <u1ogh.2621$yC5.601@newssvr27.news.prodigy.net> ~David~
<shadoweyez@gmail.com> writes:
>
>Now that everyone has clearly stated the difference between ssh and telnet, I
>think the question could have been; is there a way to enable a secure way to
>transfer files (sftp or scp) without giving users a remote command-line shell,
>using the openssh package.
>
>Trying to set the users login shell to /bin/false or /dev/null doesn't work
>either, as the user is not allowed into scp. Maybe a script that interacts with
>the openssh system calls would do the trick.

What is needed is just a shell that allows execution of the scp command
and nothing else - the local scp invokes scp at the remote end, and it
is done via the user's login shell. Of course such a shell already
exists, and has been discussed here several times in the past - the
unsurprising name is 'scponly'.

--Per Hedeland
per@hedeland.org

~David~ wrote:

> Trying to set the users login shell to /bin/false or /dev/null doesn't work
> either, as the user is not allowed into scp. Maybe a script that interacts with
> the openssh system calls would do the trick.

How about just adding code to /etc/profile that logs out those users
immediately? They'll never even get to their own .profile but I think it
will still allow scp and sftp.

Peter Meister wrote:
> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.
>
> However it is often said that granting SSH access is a security risk for telnet.
>
> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?
>
> Do I need full SSH permissions to use scp?
>
> Peter
>

Hello,

take a look to "http://olivier.sessink.nl/jailkit". It works great. You
can define the chrooting, the allowed commands and paths for a user or a
group of users.

Denis.

Peter Meister wrote:
> I want to offer encrypted ftp transfers to my server for some users.
> The user should be able to use (win)scp to transfer files to my server.
>
> However it is often said that granting SSH access is a security risk for telnet.

SSH is a vastly superior rsh/telnet replacement. Treat it as such.

> Hmm, I am not sure. I thought I could grant SSH to a user for only his ftp connections.
> Or does SSH mean: all or nothing: SSH for FTP AND telnet or no SSH at all?
>
> Do I need full SSH permissions to use scp?
>
> Peter

Just about. There have been various techniques to limit the risk, such
as adding arguments to the authorized_keys file entries. I've gotten
very fond of WebDAV over HTTPS, to provide controllable and managable
privileges for user uploads and downloads.