I wanted to add scponly to Tempest, so it’ll be ready to handle scp/sftp. Ideally, I’d like to load it from RedHat or something like EPEL.
I looked in yum for scponly and got the following hit:
[root@tempest ~]# yum --enablerepo=epel search scponly =============================================== Matched: scponly =============================================== rssh.x86_64 : Restricted shell for use with OpenSSH, allowing only scp and/or sftp [root@tempest ~]#
Oh, that would be nice and easy. However, reading http://www.pizzashack.org/rssh says that rssh isn’t really compatible with WinSCP, which many students use, so that’s a no-go.
Googling for scponly finds this: http://pkgs.repoforge.org/scponly/ which suggests it might be in the repoforge repository. What is Repoforge? Going to http://repoforge.org/ shows that it’s a replacement for rpmforge, which we already use. So, that’s worth doing.
I went to http://repoforge.org/use/ (using Firefox) and right-clicked on the link for the EL6 x86_64 version and chose “copy link address.” I then pasted that address into the following command:
[root@tempest ~]# rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpmRetrieving http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm Preparing... ########################################### [100%] package rpmforge-release-0.5.2-2.el6.rf.x86_64 is already installed
Hunh. That’s surprising. I guess they haven’t (yet) changed the name of the repo in the files. So, let’s proceed:
[root@tempest ~]# yum --enablerepo=rpmforge search scponly Warning: No matches found for: scponly No Matches found
Darn! But what about that entry we saw before, at http://pkgs.repoforge.org/scponly/ ? Oh, I see, these are only for EL 5 and below. There is a source package; maybe we can download that and compile it?
Ah, but how to download a source rpm? There’s a nice tutorial here: http://crashcourse.ca/content/working-source-rpms-under-centos. Since I just want the source rpms for rpmforge, I have to create a .repo file for the source. However, getting the right URLs seems to be difficult in this case. And, reading further in that tutorial shows that the process of compiling the source is not easy. So, I’m going to resume my search for a precompiled binary.
I googled for it, and eventually found a document that says that scponly was dropped (orphaned) from EL6 due to a change in the Fedora Project Contributor Agreement (FPCA): http://www.redhat.com/archives/epel-devel-list/2011-July/msg00049.html. So, it’s hopeless to try to find a pre-compiled binary. We either need to get the source (using git, apparently, from http://pkgs.fedoraproject.org/cgit/scponly.git/tree/?h=f17) or configure sftp to do this, using something like this or try the simple expedient of having a ~/.login file that ends in “exit.”
Hang on! There *is* an /usr/local/bin/scponly shell on Tempest! I thought we were missing that. Apparently I’ve been wasting my time.