Share your love
Install Scponly on AlmaLinux 9 – Secure File Transfer Protocol
This guide will show you how to Install Scponly on AlmaLinux 9. Scponly is a secure shell access that restricts the user’s access to only SCP (Secure Copy Protocol) and SFTP (Secure File Transfer Protocol). Also, it doesn’t allow users to run commands. It means that users can not run any commands but they have remote access to upload and download files.
You can now follow the steps below provided by the Orcacore team to Install Scponly on AlmaLinux 9.
Table of Contents
Steps To Install Scponly on AlmaLinux 9 – Secure File Transfer Protocol
To Install Scponly on AlmaLinux 9, you must access your server as a non-root user with sudo privileges. For this purpose, you can check the Initial Server Setup with AlmaLinux 9.
Then, follow the steps below to Install Scponly on AlmaLinux 9.
Step 1 – Install Required Packages for Scponly Setup
First, you must run the system update with the command below:
sudo dnf update -y
Then, use the command below to install the dependencies for your Scponly setup on AlmaLinux 9:
sudo dnf install wget gcc make rsync openssh -y
Step 2 – Download the Scponly Package
At this point, you can visit this link and get the latest package for Scponly.
To do this, you can navigate to your /opt directory and use the following wget command to download the Scpony package:
# cd /opt
# sudo wget http://sourceforge.net/projects/scponly/files/scponly-snapshots/scponly-20110526.tgz
When your download is completed, extract your Scponly package on AlmaLinux 9:
sudo tar -zxvf scponly-20110526.tgz
Then, navigate to your Scponly package:
cd scponly-20110526
Step 3 – Installing and Configuring Scponly on AlmaLinux 9
At this point, you must run the following configure command from your Scponly directory:
sudo ./configure --enable-chrooted-binary --enable-winscp-compat --enable-rsync-compat --enable-scp-compat --with-sftp-server=/usr/libexec/openssh/sftp-server
Then, run the commands below to Install Scponly on AlmaLinux 9:
# sudo make
# sudo make install
Next, you must add the Scponly shells to the /etc/shells file on your server. To do this, run the following command:
sudo /bin/su -c "echo "/usr/local/bin/scponly" >> /etc/shells"
Now you must create a Scponly group on AlmaLinux 9 to manage your users:
sudo groupadd scponly
Now you can follow the next steps to create a Scponly upload directory, and user account, and test your user account ability to upload and download files.
Step 4 – Set up a Scponly Upload Directory on AlmaLinux 9
In this step of Install Scponly on AlmaLinux 9, you need to create an upload directory which is used for how much data can be uploaded to the server. To do this, you can run the following command:
sudo mkdir -p /pub/upload
Then, set the correct permission and ownership for the file:
# sudo chown root:scponly /pub/upload
# sudo chmod 770 /pub/upload
Step 5 – Set up User Accounts For Scponly on AlmaLinux 9
Now you can use the following command to create your user accounts. In this example, we create a user called user1.
sudo useradd -m -d /home/user1 -s "/usr/local/bin/scponly" -c "user1" -G scponly user1
Note: You need to specify scponly as an alternative group and /usr/local/bin/scponly as the shell.
Then, set the correct permission for the Scponly user account:
sudo chmod 500 /home/user1
Also, you need to set a password for your Scponly user:
sudo passwd user1
At this point for Install Scponly on AlmaLinux 9, you can verify that your scponly doesn’t have access to the terminal. Log in to your server as your scponly server with the command below:
su - user1
Your terminal should hang, because you don’t have access to the terminal. You can press CTRL+C to exit.
Step 6 – Test Scponly User Account For Downloading Files
At this point, you can test your user’s ability to download files. To do this, you can create a 100 MB test file on your server:
sudo fallocate -l 100m /home/user1/testfile.img
Then, set the correct ownership for the file with your Scponly user:
sudo chown user1:user1 /home/user1/testfile.img
Now switch to your /tmp directory on AlmaLinux 9:
cd /tmp
Next, use the sftp command to log in to your Scponly user:
sftp user1@your_server_ip
You will be asked to enter your password. Then, from your shell, download your file and exit from the shell by using the commands below:
sftp> get testfile.img
sftp> quit
When you back to your local machine, you can verify it by using the command below:
ls -l testfile.img
Step 7 – Test Scponly User Account For Uploading Files
At this point, you can test your Scponlu user ability for uploading files on AlmaLinux 9. To do this, create an upload test file:
sudo fallocate -l 100m /home/user1/uploadfile.img
Then, sftp to your server by using your scponly user account:
sftp user1@your_server_ip
Next, you need to upload your test file to the /pub/upload:
sftp> put uploadfile.img /pub/upload/
Verify the file was successfully uploaded by using the following command:
sftp> ls -ltr /pub/upload
Then, you can quit your shell with the command below:
sftp> quit
That’s it, you are done. As you can see, you can easily use Scponly to upload and download files by restricting the users.
Conclusion
By restricting users to only use SCP for file transfers, you can minimize the risk of unauthorized access and potential security breaches. At this point, you have learned to Install Scponly on AlmaLinux 9.
Hope you enjoy it. Also, you may like to read the following articles:
Configure Linux Users’ Passwords with chpasswd Command
Install and Configure Syncthing on AlmaLinux 9
3 Ways to Transfer Files from Linux Server to Local Machine