Make Linux server allow rsync/scp/sftp but not a terminal login
Solution 1:
Set the users' shell to rssh. From the manpage:
rssh - restricted secure shell allowing only scp and/or sftp
Solution 2:
If you only need to allow rsync, the developers of rsync provide the rrsync
script to solve your problem.
It is available from here: http://ftp.samba.org/pub/unpacked/rsync/support/rrsync
You just need to add something like this to your .authorized_keys file. This example allows read only (-ro) access to /some/directory/:
command="/path/to/rrsync -ro /some/directory/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAA...
A more thorough explanation and example is available here: https://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/
Update: This is NOT SECURE for write access until this bug is fixed: https://bugzilla.samba.org/show_bug.cgi?id=11879
As long as this bug persists, please only use rrsync in read only mode (-ro).
Solution 3:
You can use a pseudo-shell like scponly and set this for the users you don't want to log in directly.
Another possible way is to set the login command in the authorized keys file, but that only works if your users log in via SSH keys and not via password.
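Solutions 2 and 3 both rely on a forced command in the authorized keys file, so it is worth checking that every key line actually carries one. The following Python script is an added example, not code from the answers above or from the rsync project: it audits authorized_keys content for a missing forced command, for missing restriction options from the Solution 2 line, and for rrsync used without -ro. The names `parse_options`, `audit` and `SAMPLE` are made up for this example, the sample lines are constructed, and OpenSSH's `restrict` option (not mentioned on this page) is accepted in place of the individual `no-*` options.

```python
import re
import shlex

# Restrictions from the authorized_keys line in Solution 2 (sshd option
# names are case-insensitive, so they are compared in lower case).
REQUIRED = {"no-agent-forwarding", "no-port-forwarding", "no-pty",
            "no-user-rc", "no-x11-forwarding"}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+|$)')

def parse_options(line):
    """Return the option field of one key line as {name: value}."""
    opts, pos = {}, 0
    if line.startswith(KEY_PREFIXES):        # line has no option field
        return opts
    while (m := OPT.match(line, pos)):
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        pos = m.end()
        if m.group(3) != ",":                # whitespace ends the field
            break
    return opts

def audit(text):
    """Return [(line_number, [problem, ...])] for key lines with findings."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, problems = parse_options(line), []
        cmd = opts.get("command")
        if cmd is None:
            problems.append("no forced command")
        elif "rrsync" in cmd and "-ro" not in shlex.split(cmd):
            problems.append("rrsync without -ro")
        missing = sorted(REQUIRED - set(opts))
        if missing and "restrict" not in opts:
            problems.append("missing " + ",".join(missing))
        if problems:
            findings.append((n, problems))
    return findings

# Constructed sample file; key material is elided.
SAMPLE = '''\
command="/path/to/rrsync -ro /some/directory/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA... backup
command="/path/to/rrsync /some/directory/",restrict ssh-ed25519 AAAA... upload
no-pty ssh-rsa AAAA... admin
ssh-rsa AAAA... legacy
'''

if __name__ == "__main__":
    for n, problems in audit(SAMPLE):
        print(f"line {n}: {'; '.join(problems)}")
```

To check a real account, pass the contents of that user's authorized keys file to `audit()` instead of `SAMPLE`.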