-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
Grant access by scp but not for login, how?
- Thread starter -fun-
- Start date
- Status
-fun-
Contributor
- Joined
- Oct 27, 2015
- Messages
- 171
Well there is an option "Disable password login" which comes closest but this is not what I need. The guide says: "when checked, disables password logins and authentication to CIFS shares [...]"
There doesn't seem to be an option "nologin" unfortunately.
There doesn't seem to be an option "nologin" unfortunately.
hugovsky
Guru
- Joined
- Dec 12, 2011
- Messages
- 567
There you go. See at the bottom.
D
dlavigne
Guest
There is also a scponly shell available for this purpose: http://doc.freenas.org/9.3/freenas_services.html#scp-only.
- Joined
- Mar 6, 2014
- Messages
- 9,554
If scp / sftp access is going to be a regular thing, I try to grant it through a jail. It helps prevent accidentally escalating privileges.
-fun-
Contributor
- Joined
- Oct 27, 2015
- Messages
- 171
Meanwhile I tested a little and granting scp access is actually not working as required for me. This seems to expose the complete filesystem. I had something in mind that exposes specific shares only.
I can of course create what I need which a jail. But before I go this way: Is there a suitable plugin available for this?
I can of course create what I need which a jail. But before I go this way: Is there a suitable plugin available for this?
- Joined
- Mar 6, 2014
- Messages
- 9,554
There's no plugin because this is probably the simplest possible use case for a unix file server. All you're doing is adding users, storage, and configuring ssh. Just create a jail.
If you need to really lock things down, you can chroot sftp (ssh file transfer protocol) for the group of users that have access, then only allow them sftp access.
- Status
