I need some advice from those who want to help:
I have a Linux server, and I want to provide SSH (OpenSSH) access to services like rsync and sftp for a specific user (extuser).
1) I'd like to restrict extuser to running only rsync or sftp, no other commands.
2) extuser needs to read/write some specific directories, so I want to restrict what he can see and where he can write.
3) I've read a bit about rbash or lshell, but I wanted to know whether I could manage it with a "basic" configuration of OpenSSH, without adding specific tools?
Here are my thoughts (not very far along, sorry):
For 1): if I had only rsync to deal with, I've seen the rrsync script, which is really helpful :) But how do I add the sftp restriction? I've read about "command=" in authorized_keygen and the use of the SSH_ORIGINAL_COMMAND variable, but I'm not sure whether it is mainly meant for ssh commands used explicitly (i.e. ssh user@host "mycommand"), and not for commands that use ssh "internally", like rsync or sftp?
For 2): I think the chroot option for sftp will help.
If you have any advice or remarks, or if you see I'm going the wrong way, I'd appreciate some feedback :)
Thanks a lot :)
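
An added example, not part of the original post: a forced-command wrapper that inspects SSH_ORIGINAL_COMMAND and lets only rsync (through rrsync) and sftp through. The script name, all paths and the `--dispatch` flag are hypothetical, and it assumes sshd puts the configured sftp subsystem command into SSH_ORIGINAL_COMMAND when a forced command is set.

```shell
#!/bin/sh
# Added example (not from the post): forced-command dispatcher for extuser.
# Install via ~extuser/.ssh/authorized_keys, e.g.
#   command="/usr/local/bin/ssh-dispatch --dispatch",restrict <key-type> <public-key>
# All paths below are assumptions; adjust them to the local system.
RRSYNC=/usr/bin/rrsync                     # assumed location of the rrsync script
SFTP_SERVER=/usr/lib/openssh/sftp-server   # assumed external sftp-server binary
SFTP_SUBSYSTEM_CMD=$SFTP_SERVER            # assumed "Subsystem sftp" value in sshd_config
DATA_ROOT=/srv/exchange                    # hypothetical directory extuser may use

# Print "rsync", "sftp" or "deny" for a given SSH_ORIGINAL_COMMAND value.
classify_command() {
    cmd=$1
    # Empty means the client asked for an interactive shell.
    [ -n "$cmd" ] || { echo deny; return 0; }
    # Conservative whitelist: any character outside this set (;, |, $, quotes,
    # backticks, embedded newlines, ...) rejects the request outright.
    leftover=$(printf '%s' "$cmd" | LC_ALL=C tr -d 'A-Za-z0-9 ./_,=+:@-')
    [ -z "$leftover" ] || { echo deny; return 0; }
    case $cmd in
        "$SFTP_SUBSYSTEM_CMD") echo sftp ;;
        "rsync --server "*)    echo rsync ;;
        *)                     echo deny ;;
    esac
}

dispatch() {
    case $(classify_command "${SSH_ORIGINAL_COMMAND:-}") in
        # -d only sets the start directory; it does not confine the session.
        sftp)  exec "$SFTP_SERVER" -d "$DATA_ROOT" ;;
        # rrsync re-reads SSH_ORIGINAL_COMMAND and limits paths to DATA_ROOT.
        rsync) exec "$RRSYNC" "$DATA_ROOT" ;;
        *)     echo "denied: only rsync and sftp are permitted" >&2; exit 1 ;;
    esac
}

# Only dispatch when started by sshd with the flag from authorized_keys.
if [ "${1:-}" = "--dispatch" ]; then
    dispatch
fi
```

If sshd's ChrootDirectory is also applied to extuser, it covers the whole session, so the wrapper, rrsync and rsync would have to exist inside the chroot.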