How To Enable scponly on Ubuntu 22.04

This tutorial intends to teach you to enable and configure scponly on Ubuntu 22.04. scponly is a secure shell that restricts users to SCP and SFTP. But it will disable SSH logins. With this option, you can allow your users’ remote access to upload and download files, but they can’t execute commands.

How To Enable scponly on Ubuntu 22.04?

To complete this guide, you must log in to your server as a non-root user with sudo privileges. For this purpose, you can follow our guide on Initial Server Setup with Ubuntu 22.04.

Now follow the steps below to complete your scponly setup on Ubuntu 22.04.

Step 1 – Install Required Packages for scponly on Ubuntu 22.04

First, you need to run the system update with the command below:

sudo apt update

Then, use the command below to install the required packages for scponly:

sudo apt install wget gcc make rsync openssh-client -y

Step 2 – Download the latest scponly

At this point, we will download and install scponly from the source in the latest version. First, switch to your /opt directory with the command below:

cd /opt

Then, visit the scponly restricted shell Files and get the latest release by using the following wget command:

sudo wget http://sourceforge.net/projects/scponly/files/scponly-snapshots/scponly-20110526.tgz

Next, extract your downloaded file with the following command:

sudo tar -zxvf scponly-20110526.tgz

Now proceed to the next step to build and install your scponly.

Step 3 – Compile and Build scponly on Ubuntu 22.04

Here you need to change your directory to the scponly by using the command below:

cd /opt/scponly-20110526

Then, run the following configure command to build a make file for scponly:

sudo ./configure --enable-chrooted-binary --enable-winscp-compat --enable-rsync-compat --enable-scp-compat --with-sftp-server=/usr/libexec/openssh/sftp-server

Next, use the following command to install your scponly on Ubuntu 22.04:

# sudo make
# sudo make install

After that, you need to add the scponly shells to the /etc/shells file with the command below:

sudo /bin/su -c "echo "/usr/local/bin/scponly" >> /etc/shells"

Finally, you need to create a scponly group to manage scponly users. To do this, run the command below:

sudo groupadd scponly

Step 4 – Create an Upload Directory on Ubuntu 22.04 for scponly

At this point, you need to create an upload directory for the scponly group which is used to see how much data can be uploaded to the server. To do this, run the command below:

sudo mkdir -p /pub/upload

Then, set the correct permissions and ownership to this file by using the commands below:

# sudo chown root:scponly /pub/upload
# sudo chmod 770 /pub/upload

Step 5 – Create a scponly User Account on Ubuntu 22.04

At this point, we want to show you how to create a user account for scponly. To do this, you can use the comamnd below: You need to specify scponly as an alternative group and /usr/local/bin/scponly as the shell

sudo useradd -m -d /home/user1 -s "/usr/local/bin/scponly" -c "user1" -G scponly user1

Then, you need to set the correct permissions for your user account by using the comamnd below: Because your scponly user account can’t modify SSH parameters.

sudo chmod 500 /home/user1

Next, set a password for your scponlu user account with the comamnd below:

sudo passwd user1

Output
New password:
Retype new password:
passwd: password updated successfully

Step 6 – Test scponly User Account Shell Access

At this point, you can verfi that your scponly doesn’t have access to the terminal.

Log in to your server as your scponly server with the comand below:

su - user1

Your terminal should hang, because you don’t have access to the terminal. You can press CTRL C to exit.

Step 7 – Download Files with scponly User Account

Now you can check your scponly user account ability that can download files. To do this, you can create a 100 MB test file by uisng the cmamnd below:

sudo fallocate -l 100m /home/user1/testfile.img

Then, set the correct ownership for your test file:

sudo chown user1:user1 /home/user1/testfile.img

Next, change your directory to the /tmp directory:

cd /tmp

Now sftp to your server by using your scponly user account on Ubuntu 22.04:

sftp user1@your_server_ip

You will be asked to enter your password. Then, from your shell, download your file by using the comand below:

sftp> get testfile.img

Then, exit from the shell:

sftp> quit

When you back to your local machine, you can verify it by using the command below:

ls -l testfile.img

Step 8 – Upload Files with scponly User Account

At this point, you can test your scponly user ability to upload a file.

First, create an 100 MB test file with the comamnd below:

fallocate -l 100m /home/user1/uploadfile.img

Then, sftp to your server by using your scponly user account:

sftp user1@your_server_ip

Next, you need to upload the your test file to the /pub/upload:

sftp> put uploadfile.img /pub/upload/

Verify the file was successfully uploaded by using the following command:

sftp> ls -ltr /pub/upload

Output
-rw-r--r--    1 user1 user1 104857600  uploadfile.img

Then, exit from your sftp shell:

sftp> quit

Conclusion

At this point, you have learned to enable and configur scponly on Ubuntu 22.04. Also, you have learned to create a test user and test your user account ability to download and upload files.

Hope you enjoy it. You may be interested in these articles on the orcacore website:

Install and Configure Zabbix 6.0 on Ubuntu 22.04

Upgrade Linux Kernel to the Latest on Ubuntu 20.04