Description

This document will show you how to restrict any account to the cvs, scp, sftp and/or rsync protocols only.

Requirements

Explanation of requirements.

  1. Root or appropriate sudo access to the system
  2. Internet access

Doing the Work

Basic description of what will be done and what is expected.

  1. Install rssh from http://rpm.centoshelp.org/el7/rpms/rssh-2.3.4-6.el7.centos.opsec.x86_64.rpm:

    yum localinstall http://rpm.centoshelp.org/el7/rpms/rssh-2.3.4-6.el7.centos.opsec.x86_64.rpm

  2. Edit /etc/rssh.conf and /etc/passwd:

    Uncomment these lines from the top of /etc/rssh.conf:

    Replace these lines from the top of /etc/passwd:
    replace: /bin/bash
    with: /usr/bin/rssh

    user:x:501:501::/home/user:/usr/bin/rssh

  3. Restart sshd and attempt to connect from a remote system using sftp and ssh:
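
To check the result of the steps above, the following shell script (an added example, not part of the original page) reads a passwd-format file and an rssh.conf and reports whether an account is confined to rssh and which allow* keywords are uncommented. The function names and the sample files are constructed for illustration; on a real host pass /etc/passwd and /etc/rssh.conf instead.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# List protocols enabled in an rssh.conf, i.e. uncommented allow* keywords.
rssh_enabled_protocols() {
    awk '/^[ \t]*allow(scp|sftp|cvs|rdist|rsync)[ \t]*$/ {
             gsub(/[ \t]/, ""); sub(/^allow/, ""); print
         }' "$1" | sort | paste -sd' ' -
}

# Print the login shell (field 7) of one account in a passwd-format file.
account_shell() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# Usage: check_restricted PASSWD_FILE RSSH_CONF USER
# Returns 0 only if the account's shell is rssh and a protocol is enabled.
check_restricted() {
    shell=$(account_shell "$1" "$3")
    protos=$(rssh_enabled_protocols "$2")
    if [ "$shell" != /usr/bin/rssh ]; then
        echo "FAIL: $3 has shell ${shell:-<no such account>}"
        return 1
    fi
    if [ -z "$protos" ]; then
        echo "WARN: $3 uses rssh but no protocol is enabled in $2"
        return 2
    fi
    echo "OK: $3 restricted to: $protos"
}

# Constructed sample input so the script runs offline.
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user:x:501:501::/home/user:/usr/bin/rssh
builder:x:502:502::/home/builder:/bin/bash
EOF
cat > "$demo/rssh.conf" <<'EOF'
# constructed sample: scp and sftp enabled, the rest still commented
allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync
EOF

for u in user builder; do
    check_restricted "$demo/passwd" "$demo/rssh.conf" "$u" || true
done
```

Run against the sample files, the script reports user as restricted to scp and sftp and flags builder, whose shell is still /bin/bash.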

Troubleshooting / Testing

Explanation of troubleshooting basics and expectations.

  1. Make sure your firewall or denyhosts has not banned or blocked your IP:

    iptables -L INPUT -v -n
    tail -f /etc/hosts.deny

  2. Restart sshd, make sure your password is correct for user:

    systemctl restart sshd.service
    sudo passwd new_user

Disclaimer

We test this stuff on our own machines, really we do. But you may run into problems; if you do, come to #centoshelp on irc.freenode.net.

Last Modified: 25 Dec, 2015 at 00:45:37