I am not able to connect using openssh client scp command when terminal and commands are denied in Tectia Server.
asked Dec 17 '10 at 10:03
SSH KB ♦
OpenSSH(and SunSSH) uses "rcp over ssh" for scp transfers, even when the SSH2 protocol is used, while SSH Tectia uses the IETF SECSH draft compliant method of "sftp over ssh" for scp2 transfers.Enabling only commands will work fine in the server policy. As long as you know what commands will be run you can enable them in the server policy. Basically if you only use one command such as the following:
scp * firstname.lastname@example.org:You can allow commands: "scp -d -t ." and "scp -t ." If you use other or multiple commands you will have to keep adding new allowed commands. For instance:
scp "file1" email@example.com:tester1.txtneeds the following command allowed: "scp -t tester1.txt"
scp "file1" firstname.lastname@example.org:tester2.txtneeds the following command allowed: "scp -t tester2.txt"
scp email@example.com: /Will need: "scp -f ." As a result, if you want to allow any SCP command from an OpenSSH client, the only way to do this is to allow all commands. You can always restrict the users and/or IPs that can run these commands using selectors.
answered Dec 17 '10 at 10:04
SSH KB ♦