I have disabled sftp. I don't want to remove the scp from binary to disable scp access as it has no use as users can do ssh cat. Due to the current situation I have to allow ssh to access the system from remote but I only want those users just to work on the system but not copy the working files. Please let me know if there are options. And also the best way to log the user file access records.
Thank you.
Restrict users from copying files
Re: Restrict users from copying files
You cannot restrict scp and still allow full ssh shell access. Even if you could, it would be futile, because it is too easy to work around. Think of ssh tunnels or write the content of a file to text console and save console output to a file on the remote end.
What you could do is let the users run a remote desktop like x2go through ssh. On the server side, you restrict access to only those commands needed for the x2go session. In the x2go server you should disable the clipboard to prevent copying from the desktop.
You can find some inspiration in this: https://wiki.x2go.org/doku.php/wiki:security:rbash
What you could do is let the users run a remote desktop like x2go through ssh. On the server side, you restrict access to only those commands needed for the x2go session. In the x2go server you should disable the clipboard to prevent copying from the desktop.
You can find some inspiration in this: https://wiki.x2go.org/doku.php/wiki:security:rbash