Subject: Re: scp-based drop box
To: Erik Huizing <huizing@cpsc.ucalgary.ca>
From: Curt Sampson <cjs@cynic.net>
List: netbsd-users
Date: 10/10/2001 19:12:44

On Tue, 9 Oct 2001, Erik Huizing wrote:

> I'm trying to create an scp-based drop box, where a user can scp files to
> the account, but can't log in and get a shell. Is what I'm trying to do
> even possible?

I use a system very much like this for my backups. I've never tried scp,
though. My trick is simply to copy stdin to a file using a simple shell
script that replaces the users' shell in /etc/passwd:

    #!/bin/sh
    tapedir=/u/tape
    umask 707
    shift   # Get rid of first argument: -c
    cat >"$tapedir/$1";

You make sure there's an appropriate key in the authorized_keys file
and then just do a "ssh -l copyuser some.host.com somefilename" and send
the contents of "somefilename" to stdin of that command. Note that I set
the modes and permissions such that you can't overwrite existing files.

If anybody spots any security holes in this, I'd appreciate knowing
about it of course.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 3 5778 0123   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC
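
Added example, not part of the original message and not the poster's script: in the login-shell approach described above, the command string supplied by the ssh client becomes part of the output path, so this variant restricts it to a single path component and uses the shell's noclobber option to refuse overwriting an existing file. The names DROPDIR, valid_name and store_upload are assumptions made for this example; /u/tape is the directory from the message.

```shell
#!/bin/sh
# Added example: login shell for a write-only drop-box account.
# DROPDIR, valid_name and store_upload are names assumed for this example.
LC_ALL=C; export LC_ALL            # make the [A-Z] style ranges byte-exact
DROPDIR=${DROPDIR:-/u/tape}        # directory taken from the message

# Accept one plain path component: no slash, no leading dot (so no "." or
# ".."), only letters, digits, dot, underscore, hyphen, at most 128 chars.
valid_name() {
    case $1 in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 128 ]
}

# store_upload DIR NAME   (file contents arrive on stdin)
store_upload() {
    valid_name "$2" || { echo "rejected file name" >&2; return 2; }
    # set -C (noclobber) makes ">" fail if the target already exists, so
    # an earlier upload can never be replaced by a later one.
    ( set -C; umask 077; cat >"$1/$2" ) 2>/dev/null ||
        { echo "refused: file exists or directory not writable" >&2; return 3; }
}

# sshd starts the account's shell as: <shell> -c "<command string>".
# Anything else (for example an interactive login) stores nothing and exits.
if [ "${1-}" = "-c" ] && [ $# -eq 2 ]; then
    store_upload "$DROPDIR" "$2"
fi
```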