FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 02-21-2012, 05:30 PM
"Turnbough, Bradley E."
 
Default chmodding SCP

I have two machines, and I am trying to copy files from one to the other via SCP.

Since this machine is accessible from two of our networks, we're trying to restrict the use of SCP to a select few individuals to prevent unauthorized data transmission from network to network.

What we did was we chmodded 700 /usr/bin/scp. The owner has remained root and the group has remianed root.

>From a different machine, I'm trying to scp to that machine, but I'm receiving an "access denied".

My ssh key is in the authorized users file in the root profile.

Anyone have a logical explanation?

This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-21-2012, 05:34 PM
 
Default chmodding SCP

Turnbough, Bradley E. wrote:
> I have two machines, and I am trying to copy files from one to the other
> via SCP.
<snip>
> What we did was we chmodded 700 /usr/bin/scp. The owner has remained root
> and the group has remianed root.
>
>>From a different machine, I'm trying to scp to that machine, but I'm
>> receiving an "access denied".
>
> My ssh key is in the authorized users file in the root profile.
<snip>
One question: can you ssh to that machine?

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-21-2012, 05:47 PM
"Denniston, Todd A CIV NAVSURFWARCENDIV Crane"
 
Default chmodding SCP

Turnbough, Bradley E. wrote:
> I have two machines, and I am trying to copy files from one to the other
> via SCP.
<snip>
>>From a different machine, I'm trying to scp to that machine, but I'm
>> receiving an "access denied".
>
> My ssh key is in the authorized users file in the root profile.
<snip>

So your setup is while setting at host1 you execute
scp root@host3:myfile root@host2:
and get "access denied"?

further I expect you are using ssh-agent.

if so, I expect it has something to do with scp dropping agent forwarding.
search 'scp agent forwarding'
I once found a script to work around it, but that is painful.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-22-2012, 09:18 AM
Kay Diederichs
 
Default chmodding SCP

On 02/21/2012 07:30 PM, Turnbough, Bradley E. wrote:
> I have two machines, and I am trying to copy files from one to the other via SCP.
>
> Since this machine is accessible from two of our networks, we're trying to restrict the use of SCP to a select few individuals to prevent unauthorized data transmission from network to network.
>
> What we did was we chmodded 700 /usr/bin/scp. The owner has remained root and the group has remianed root.

there are many ways for users to circumvent this, e.g.
cat <file> | ssh otherhost "cat > file"
or using their own scp binary (copied from a different machine, or
extracted from the .rpm)

>
>> From a different machine, I'm trying to scp to that machine, but I'm receiving an "access denied".
>
> My ssh key is in the authorized users file in the root profile.
>
> Anyone have a logical explanation?
>
> This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 01:10 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org