I'm a Linux administrator and I don't want people to download files stored on my server. However, users can log in to the server via ssh to work on it. I don't know how to solve this problem. Please help me.
But they would still be able to scp to their home directory (you can make home directories each a small disk partition, say 100k or so) and likely /tmp. You could disable swap /tmp also.
Keep in mind, if you did this, you couldn't sftp either.
You could remove this line from /etc/ssh/sshd_config:
Subsystem sftp /usr/libexec/openssh/sftp-server
But even if you did this, I could still "cat somefile" to the stdout screen output, then copy and paste that output to my local computer.
[root@lx-rocky ~]# which scp
/usr/bin/scp
[root@lx-rocky ~]# ls -l /usr/bin/scp
-rwxr-xr-x. 1 root root 105264 Oct 11 03:18 /usr/bin/scp
[root@lx-rocky ~]# chmod 700 /usr/bin/scp
[root@lx-rocky ~]# ls -l /usr/bin/scp
-rwx------. 1 root root 105264 Oct 11 03:18 /usr/bin/scp
From client trying to scp to server.
Code:
scp testfile tux@lx-rocky:
tux@lx-rocky's password:
bash: /usr/bin/scp: Permission denied
lost connection
ssh tux@lx-rocky
tux@lx-rocky's password:
Last login: Tue Feb 22 17:54:40 2022
sftp tux@lx-rocky
tux@lx-rocky's password:
Connected to lx-rocky.
sftp> put testfile
Uploading copyfile to /home/tux/testfile
copyfile 100% 0 0.0KB/s 00:00
ssh to system where scp is disabled and check home directory.
Code:
ssh tux@lx-rocky
tux@lx-rocky's password:
Last login: Mon Feb 28 08:42:39 2022 from 11.22.13.1
[tux@lx-rocky ~]$ ls -l ~/testyfile
total 0
-rw-r--r--. 1 tux tux 0 Feb 28 08:41 testfile
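
The sessions above show scp refused after the chmod while sftp still accepts the upload. The script below is an added example, not something posted in the thread, that checks both paths together; the function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit both transfer paths discussed above.

# Print "enabled" if the sshd_config at $1 has an active "Subsystem sftp" line.
# Only this one file is read; Include'd files are not followed.
sftp_subsystem_state() {
    if grep -Eiq '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]' "$1"; then
        echo enabled
    else
        echo disabled
    fi
}

# Print "restricted" if the file at $1 has no execute bit for group or other.
scp_binary_state() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$(printf %s "$perms" | cut -c7)$(printf %s "$perms" | cut -c10)" in
        *[xst]*) echo open ;;
        *)       echo restricted ;;
    esac
}

# $1 = sshd_config path, $2 = scp path. Succeeds only if both paths are closed.
transfer_audit() {
    sftp=$(sftp_subsystem_state "$1")
    scp=$(scp_binary_state "$2")
    echo "sftp=$sftp scp=$scp"
    [ "$sftp" = disabled ] && [ "$scp" = restricted ]
}

# Constructed sample reproducing the state in the thread: scp is mode 700,
# but the Subsystem line is still present in sshd_config.
demo() {
    d=$(mktemp -d)
    printf 'Subsystem sftp /usr/libexec/openssh/sftp-server\n' > "$d/sshd_config"
    : > "$d/scp"; chmod 700 "$d/scp"
    transfer_audit "$d/sshd_config" "$d/scp" || echo "a transfer path is still open"
    # Comment the line out, as suggested in the thread, and check again.
    printf '#Subsystem sftp /usr/libexec/openssh/sftp-server\n' > "$d/sshd_config"
    transfer_audit "$d/sshd_config" "$d/scp" && echo "scp and sftp both closed"
    rm -rf "$d"
}
demo
```

On a real host, point `transfer_audit` at /etc/ssh/sshd_config and /usr/bin/scp. As the thread notes, a user with a shell can still cat a file and copy the output, so a passing audit covers only scp and sftp.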