« Return to Thread: Problem with scp and SSH on Arch Linux
Re: Problem with scp and SSH on Arch Linux
by Derek Martin
::
Rate this Message:
On Mon, Jun 25, 2007 at 11:18:00PM -0300, Guido Barosio wrote:
> Caught this message and I am currently wondering why a /bin/false'ed
> passwd file should allow a scp to get in the host and attempt the
> copy.
OpenSSH does the authentication... it doesn't need to care what your
shell is for the authentication to succeed. All that matters for
login to be successful is for some configured authentication mechanism
to succeed; i.e. the user's supplied password matches what's CRYPTed
in the passwd file, or the user's private key matches the public key
stored in the user's authorized keys file, etc. None of this requires
the shell to work.
For the scp to succeed, the user needs a working shell, because sshd
will start the user's shell in order to have it execute the scp
command on the remote system. If the shell doesn't work, the scp
command will never run...
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
> Caught this message and I am currently wondering why a /bin/false'ed
> passwd file should allow a scp to get in the host and attempt the
> copy.
OpenSSH does the authentication... it doesn't need to care what your
shell is for the authentication to succeed. All that matters for
login to be successful is for some configured authentication mechanism
to succeed; i.e. the user's supplied password matches what's CRYPTed
in the passwd file, or the user's private key matches the public key
stored in the user's authorized keys file, etc. None of this requires
the shell to work.
For the scp to succeed, the user needs a working shell, because sshd
will start the user's shell in order to have it execute the scp
command on the remote system. If the shell doesn't work, the scp
command will never run...
--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
attachment0 (196 bytes) « Return to Thread: Problem with scp and SSH on Arch Linux
| Free embeddable forum powered by Nabble | Forum Help |
