Subject: Re: scp-based drop box
To: Erik Huizing <huizing@cpsc.ucalgary.ca>
From: Curt Sampson <cjs@cynic.net>
List: netbsd-users
Date: 10/10/2001 19:12:44
On Tue, 9 Oct 2001, Erik Huizing wrote:
> I'm trying to create an scp-based drop box, where a user can scp files to
> the account, but can't log in and get a shell. Is what I'm trying to do
> even possible?
I use a system very much like this for my backups. I've never tried scp,
though. My trick is simply to copy stdin to a file using a simple shell
script that replaces the users' shell in /etc/passwd:

    #!/bin/sh
    tapedir=/u/tape
    umask 707
    shift # Get rid of first argument: -c
    cat >"$tapedir/$1";

You make sure there's an appropriate key in the authorized_keys file
and then just do a "ssh -l copyuser some.host.com somefilename" and send
the contents of "somefilename" to stdin of that command. Note that I set
the modes and permissions such that you can't overwrite existing files.
If anybody spots any security holes in this, I'd appreciate knowing
about it of course.
cjs
--
Curt Sampson <cjs@cynic.net> +81 3 5778 0123 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC
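
A hardened variant of the login-shell script in the message above, as an added example that is not part of the original post: the file name arrives from the client as the ssh command string, so it is checked against an allowlist before being used as a path component, and noclobber is used instead of file modes to refuse overwrites. `DROPDIR` and `dropbox_store` are assumed names, and the `umask 077` is this example's choice rather than the post's `707`.

```shell
#!/bin/sh
# Added example: hardened variant of the drop-box login shell.
# DROPDIR and dropbox_store are hypothetical names, not from the original post.
DROPDIR=${DROPDIR:-/u/tape}

# dropbox_store NAME: copy stdin to $DROPDIR/NAME, refusing unsafe names
# and refusing to replace an existing file. Returns 0 on success.
dropbox_store() {
    name=$1
    case $name in
        ''|.*|-*)            # empty, dotfile / "." / "..", or option-like
            echo "dropbox: bad file name" >&2; return 2 ;;
        */*)                 # any path separator would leave DROPDIR
            echo "dropbox: bad file name" >&2; return 2 ;;
        *[!A-Za-z0-9._-]*)   # anything outside a conservative allowlist
            echo "dropbox: bad file name" >&2; return 2 ;;
    esac
    (
        umask 077            # new files accessible to the drop-box account only
        set -C               # noclobber: '>' refuses to overwrite an existing file
        cat >"$DROPDIR/$name"
    ) || { echo "dropbox: cannot create $name" >&2; return 1; }
}

# sshd runs the login shell as: <shell> -c "<client command string>".
# Only act when invoked that way, so sourcing this file has no side effects.
if [ "${1:-}" = "-c" ] && [ $# -eq 2 ]; then
    dropbox_store "$2"
    exit $?
fi
```
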