On May 13, 2009, at 23:15, John C Nash wrote:
I'm trying to get various statisticians to run performance tests on their machinery and have my "tester" put the results (roughly 30K file per run) onto my server. I can do this in a cross-platform way with scp (pscp in Windows, not sure on Mac yet, but there should be an scp client). However, this uses key pairs and possibly opens up the pseudo user on my server. Does anyone have pointers to how to lock down security holes? I'd like to avoid using web protocols and just keep ssh open if I can.
I use ssh for subversion commits and restrict my users from gaining shell access by using the "command=" field in authorized_keys. Not sure if a similar thing could be done for scp. On my svn server, I have this in the authorized_keys files -
command="umask 002;/usr/bin/svnserve -t -r /home/project",no-port- forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [RSA public key goes here...]
Openssh is available on the Mac. It's what I use every day. Regards, Spencer