scp only key authentication?

Hey, all;

I'm working with a client that's running openssh 3.7.1.  They have a need
for one designated account to use public/private key authentication to
scp a file from a server to a client.  

The client's philosophy is that public/private key authentication is a
trust relationship - similar in scope to a trust relationship using
UNIX r-commands.  That's obviously not quite true; however, the client
is very happy and, so far, very successful operating under that
philosophy so changing it isn't an option.

They would like to limit the public/private key authenticated access
to scp (and only scp) one particular file.  In other words, the
account in question won't be able to get a terminal session, shell
prompt using ssh - and it would only be able to scp the one file
down from the server, not put anything, not get anything else.

I haven't heard of anyone even attempting this level of restriction
using public/private key authentication.  My first thought was to
use the command option in the authorize_keys2 file; however, haven't
gotten much further than the pondering stage.

Does anyone know of a cleaner/brighter way of implementing this type
of restriction to scp and P/P key authentication?

Thanks for any hints/tips/suggestions.

Doug O'Leary

Senior UNIX Admin
O'Leary Computer Enterprises (w) 630-904-6098 (c) 630-248-2749

Re: scp only key authentication?

  Richard Silverman

Re: scp only key authentication?

Interesting; the wrapper script is where I was heading, but I'll
have to examine this in more depth on a test system here.  Thanks!
I appreciate the link.


Senior UNIX Admin
O'Leary Computer Enterprises (w) 630-904-6098 (c) 630-248-2749
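
A forced-command wrapper of the kind discussed in this thread, shown as an added example that is not from either poster or from the link mentioned above. The install path /usr/local/bin/scp-one-file, the file /srv/export/report.dat and the `run` argument are assumptions; the script relies on sshd placing the client's requested command in SSH_ORIGINAL_COMMAND when a key carries a command= option.

```shell
#!/bin/sh
# Forced-command wrapper for a key that may only download one file via scp.
# Assumed names (not from the thread): /usr/local/bin/scp-one-file and
# /srv/export/report.dat. Matching authorized_keys entry, on one line,
# key material elided:
#   command="/usr/local/bin/scp-one-file run",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... transfer-key

ALLOWED_FILE="${ALLOWED_FILE:-/srv/export/report.dat}"

# Return 0 only when the requested command is exactly the server-side half
# of "scp user@host:<file> .", which the scp client sends as "scp -f <file>".
# The pattern is quoted, so it is compared literally (no globbing).
# Uploads (scp -t), other paths, extra client flags such as -p or -r,
# appended shell syntax and an empty request (interactive login) all fail.
# $1 = requested command, $2 = the one permitted file.
scp_request_allowed() {
    case "$1" in
        "scp -f $2") return 0 ;;
        *)           return 1 ;;
    esac
}

main() {
    if scp_request_allowed "${SSH_ORIGINAL_COMMAND:-}" "$ALLOWED_FILE"; then
        # Execute a fixed argument list; the client's string is never
        # handed to a shell for evaluation.
        exec scp -f "$ALLOWED_FILE"
    fi
    # Record the refused request for later review, then tell the client.
    logger -t scp-one-file "refused: ${SSH_ORIGINAL_COMMAND:-<no command>}" 2>/dev/null
    echo "This key may only fetch $ALLOWED_FILE with scp." >&2
    exit 1
}

# Act only when invoked as the forced command ("run" argument above).
if [ "${1:-}" = "run" ]; then
    main
fi
```

The account should not be able to write to its own authorized_keys file or to the wrapper, otherwise the restriction can be removed by whoever holds the key.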
