Install Scponly on AlmaLinux 9 – Secure File Transfer Protocol

Steps To Install and Configure Scponly on AlmaLinux 9 - orcacore.com

This guide will show you how to Install Scponly on AlmaLinux 9. Scponly is a secure shell access that restricts the user’s access to only SCP (Secure Copy Protocol) and SFTP (Secure File Transfer Protocol). Also, it doesn’t allow users to run commands. It means that users can not run any commands but they have remote access to upload and download files.

You can follow the steps below to install and configure Scponly on AlmaLinux 9.

what you read in this post?

Steps To Install and Configure Scponly on AlmaLinux 9

To complete this guide, you must access your server as a non-root user with sudo privileges. For this purpose, you can check the Initial Server Setup with AlmaLinux 9.

Then, follow the steps below to complete this guide.

Step 1 – Install Required Packages for Scponly Setup

First, you must run the system update with the command below:

sudo dnf update -y

Then, use the command below to install the dependencies for your Scponly setup on AlmaLinux 9:

sudo dnf install wget gcc make rsync openssh -y

Step 2 – Download the Scponly Package

At this point, you can visit this link and get the latest package for Scponly. To do this, you can navigate to your /opt directory and use the following wget command to download the Scpony package:

# cd /opt
# sudo wget http://sourceforge.net/projects/scponly/files/scponly-snapshots/scponly-20110526.tgz

When your download is completed, extract your Scponly package on AlmaLinux 9:

sudo tar -zxvf scponly-20110526.tgz

Then, navigate to your Scponly package:

cd scponly-20110526

Step 3 – Installing and Configuring Scponly on AlmaLinux 9

At this point, you must run the following configure command from your Scponly directory:

sudo ./configure --enable-chrooted-binary --enable-winscp-compat --enable-rsync-compat --enable-scp-compat --with-sftp-server=/usr/libexec/openssh/sftp-server

Then, run the commands below to install Scponly:

# sudo make
# sudo make install

Next, you must add the Scponly shells to the /etc/shells file on your server. To do this, run the following command:

sudo /bin/su -c "echo "/usr/local/bin/scponly" >> /etc/shells"

Now you must create a Scponly group on AlmaLinux 9 to manage your users:

sudo groupadd scponly

Now you can follow the next steps to create a Scponly upload directory, and user account, and test your user account ability to upload and download files.

Step 4 – Set up a Scponly Upload Directory on AlmaLinux 9

In this step, you need to create an upload directory which is used for how much data can be uploaded to the server. To do this, you can run the following command:

sudo mkdir -p /pub/upload

Then, set the correct permission and ownership for the file:

# sudo chown root:scponly /pub/upload
# sudo chmod 770 /pub/upload

Step 5 – Set up User Accounts For Scponly on AlmaLinux 9

Now you can use the following command to create your user accounts. In this example, we create a user called user1.

sudo useradd -m -d /home/user1 -s "/usr/local/bin/scponly" -c "user1" -G scponly user1

Note: You need to specify scponly as an alternative group and /usr/local/bin/scponly as the shell.

Then, set the correct permission for the Scponly user account:

sudo chmod 500 /home/user1

Also, you need to set a password for your Scponly user:

sudo passwd user1

At this point, you can verify that your scponly doesn’t have access to the terminal. Log in to your server as your scponly server with the command below:

su - user1

Your terminal should hang, because you don’t have access to the terminal. You can press CTRL+C to exit.

Step 6 – Test Scponly User Account For Downloading Files

At this point, you can test your user’s ability to download files. To do this, you can create a 100 MB test file on your server:

sudo fallocate -l 100m /home/user1/testfile.img

Then, set the correct ownership for the file with your Scponly user:

sudo chown user1:user1 /home/user1/testfile.img

Now switch to your /tmp directory on AlmaLinux 9:

cd /tmp

Next, use the sftp command to log in to your Scponly user:

sftp user1@your_server_ip

You will be asked to enter your password. Then, from your shell, download your file and exit from the shell by using the commands below:

sftp> get testfile.img
sftp> quit

When you back to your local machine, you can verify it by using the command below:

ls -l testfile.img

Step 7 – Test Scponly User Account For Uploading Files

At this point, you can test your Scponlu user ability for uploading files on AlmaLinux 9. To do this, create an upload test file:

sudo fallocate -l 100m /home/user1/uploadfile.img

Then, sftp to your server by using your scponly user account:

sftp user1@your_server_ip

Next, you need to upload your test file to the /pub/upload:

sftp> put uploadfile.img /pub/upload/

Verify the file was successfully uploaded by using the following command:

sftp> ls -ltr /pub/upload

Then, you can quit your shell with the command below:

sftp> quit

That’s it, you are done. As you can see, you can easily use Scponly to upload and download files by restricting the users.

Conclusion

By restricting users to only use SCP for file transfers, you can minimize the risk of unauthorized access and potential security breaches. At this point, you have learned to Install and Configure Scponly on AlmaLinux 9.

Hope you enjoy it. Also, you may like to read the following articles:

Configure Linux Users’ Passwords with chpasswd Command

Install and Configure Syncthing on AlmaLinux 9

3 Ways to Transfer Files from Linux Server to Local Machine

Top SSH Security Tips on AlmaLinux 9

Pass password to scp command in Linux using sshpass example

Tags

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Related Posts

Stay informed and not overwhelmed, subscribe now!