can I use /etc/ssh/sshd_config to make it so a user can only scp files to the server but open a shell. I tried with the commands below but just got connection closed.
Match User website
X11Forwarding no
AllowTcpForwarding no
ForceCommand scp
You need to set user's shell to rssh - http://www.pizzashack.org/rssh/ . This shell allows executing sftp/scp requests only.
Related
I want to copy files using rsync over ssh, but a "Cannot execute command-line and remote command." is raised, meanwhile it works fine with scp.
Command : rsync -ravh folder XXX:folder
My ssh config is configured as follows :
Host XXX
Hostname YY
User user
RequestTTY yes
RemoteCommand bash --init-file ~/.bashrc
I noticed that by removing the RemoteCommand option, rsync does the job.
How could I manage to make rsync work while using my current ssh host config ?
Thanks in advance.
Is there a way to set up a ChrootDirectory for a system only for SFTP and not for ssh?
i.e. if I wanted to ssh into a server and have root be a certain directory, but SFTP into the same server and have a different directory as root, is that possible? I have been trying to toggle /etc/ssh/sshd_config to make this work but it has not been successful yet. I do not have sudo access so I cannot add another user, so this would have to be on the same user.
To have an alternate working directory after logging in with sftp, the path can be appended with a colon. Replace remote-host with user#host or ssh config Host pattern.
sftp remote-host:relative/path
or
sftp remote-host:/absolute/path
For similar behavior with ssh, see this answer.
I am trying to connect to a remote host from my local host through the below command.But there was a setting in the remote host that soon after we login it will prompt to enter a badge ID,password and reason for logging in, because it was coded like that in profile file on remote-host How can I overcome those steps and login directly non-interactively, without disturbing the code in profile.
jsmith#local-host$ ssh -t -t generic_userID#remote-host
Enter your badgeID, < exit > to abort:
Enter your password for <badgeID> :
Enter a one line justification for your interactive login to generic_userID
Small amendment: to overcome remote server expect approach is required, but in case local script connects to bunch of remote servers, which configuration may be broken, just use SSH options:
ssh -f -q -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null USER#TARGETSYSTEM
This will omit ask for password in case there is no ssh_key setup, exit silently and continue with script/other hosts.
Puts ssh to background with -f, which is required when calling ssh command from sh (batch) file to remove local console redirect to remote input (implies -n).
Look into setting up a wrapper script around expect. This should do exactly what you're looking for.
Here are a few examples you can work from.
I have upvoted Marvin Pinto's answer because there is every reason to script this, in case there are other features in the profile that you need, such as Message of the Day motd.
However, there is a quick and dirty alternative if you don't want to make a script and you don't want other features from the profile. Depending on your preferred shell on the remote host, you can insist that the shell bypasses the profile files. For example, if bash is available on the remote host, you can invoke it with:
ssh -t -t generic_userID#remote-host bash --noprofile
I tested the above on the macOS 10.13 version of OpenSSH. Normally the command at the end of the ssh invocation is run non-interactively, but the -t flag allows bash to start an interactive shell.
Details are in the Start-up files section of the Bash Reference Manual.
I installed freeNX (remote GUI access), which is based on sshd service.
It means all users who can access freeNX should be assigned a ssh-enabled account.
But I don't want part/all of these users directly access the sshd service via any ssh client.
What can I do?
I don't know freeNX, but if it don't need a shell access, just SSH, you can put /bin/false as the shell for each users in your /etc/passwd file.
For this you must modify the last entry on each correspondent line (usually /bin/bash) to /bin/false.
You can configure your ssh server to accept only specific users & groups by modifying /etc/ssh/sshd_config:
AllowUsers admin
AllowGroups freenx_users
Remember to restart your ssh server after you make the change.
/etc/init.d/ssh restart
More details about AllowUsers and AllowGroups see the man page:
man sshd_config
when you do an "ssh second_machine" you are able to connect to second_machine on your home directory
But usually i am working in my_machine in directory with very long path, and i want to connect to second_machine and move to my working directory right away. So everytime i have to:
ssh second_machine
cd /very/long/path/to/directory/
Is there a way to make it automatic ?? ( ssh automatically go to the desired directory )
This should work for you
ssh -t second_machine "cd /very/long/path/to/directory/; bash"
Assumes you're wanting to run bash, substitute for a different shell if required.
To make it permanent, use RemoteCommand in your ~/.ssh/config file, e.g.
Host myhost
HostName IP
User ubuntu
IdentityFile ~/.ssh/id_rsa
RemoteCommand cd /path/to/directory; $SHELL -il
Related:
SSH Config File Alias To Get To a Directory On Server
How can I automatically change directory on ssh login?
Run a remote command using ssh config file
You could do something like the one I'm using. Make an alias as the one below.
alias ssh 'ssh -t \!* "cd $PWD; csh"'
(here, csh could also be replaced by bash)
This brings you directly to the 'current' path on the other machine.
The usage would be like [$] ssh some machine
However, I find that it works slow. So, I'm looking for an alternative.