My client wants a simple storage accessible via SCP and SFTP. There will be two user accounts, one is read-only and the other is read-write.
For security reasons I want to dumb it down as much as possible:
- I want the user to be restricted to their home directory without a way to get out
- User's root directory must remain writable. SSH's internal-sftp with chroot unfortunately fails this one
- I don't want to allow any access to a normal shell
- I don't want users to be able to mess with permissions/owners of the files
So far I have implemented SFTP using SSH + MySecureShell, it works and it seems pretty bulletproof. However, SCP does not work, which was one of the requirements of my client.
- Is there any way to make SCP work with MySecureShell? Or some other shell?
- If not, is there some way to use sftp from a command line like you would scp? I mean, not interactively and using syntax as close to SCP as possible.