preconfiguring winscp for redist to end users + additional info.

Advertisement

russell_zauner
Guest

preconfiguring winscp for redist to end users + additional info.

Apologies in advance for the lengthy post

I'm considering setting up a shared server for expert users. Since I'm doing this in my free time, I want to minimize risks and maintenence while providing the most features I can, for windows and linux users alike.

I've been using winscp now for a couple months and it's incredibly awesome compared to the way I was doing things before from my windows boxen.

What I'd like to do is give the windows users a presetup version of winscp with routine shell commands already configured and distribute it to them with a key, and simply remove terminal/cli access altogether (looking for equivalent gui based client for linux). Of course full license details and credit will be distributed with it, as will all the "free" tools I recommend and make available to the community.

Is there a simple answer or pointers to where I can find out for myself how to definitively do this? I'd like to avoid having them modify their registry, if at all possible. I don't want to lock it down, but merely provide a pre-config'd setup to deliver to them, along with a key (or instructions on how to generate theirs, I haven't been using the keys yet).

Pointers on where to find info to set this up on the server end, as well, would be gratefully appreciated. I've searched for a few hours but haven't been able to come up with a specific answer on how this is done by experts, the right way.

I am very willing to read anything and everything anyone can point me at. I spend 85-90% of my time just finding the sources, maybe some people can help me spend more of my time reading info and learning by sharing links and/or sources of info they trust and rely on.

I hope to have time to include a knowledgebase of how all this is done, as well as info that users submit. I'm learning (as I can) about debian-doc and sgml use to facilitate management of the repository.

I believe the server I'm looking at should have some release of woody on it, waiting for a confirmation back from the NOC that I'm considering getting it at. They advertise debian servers, so we'll see how it goes.

Thanks for any advice you are able to offer.

-russ

Reply with quote

Advertisement

russell_zauner
Guest

I found the info regarding key usage linked to here on the site. Thanks for having the info here, every good network engineer I've known has always complained about the strong key system not being mandated by company IT policy. Seems simple enough to implement.

I bet I can hack up a python script to generate all the necessary info for a new user, set up things on my end, and send end user stuff out via email automagically. Been looking for a little project to get my feet wet in python, anyhow.

Other stuff, still searching for.

thanks

-russ

Reply with quote

russell_zauner
Guest

Thank you, and double thanks for the prompt reply and info. I haven't tried it yet, but this seems to be what I want.

I know you may or may not be a linux professional, but is there a way to not allow a terminal session, but still allow the connection to perform from the gui?

Even a pointer to where I might go to better ask this question or where the information might reside would be extermely helpful. This info has been sort of hard to pin down, even with several hours of sifting through hits.

Thanks again,
-russ

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

russell_zauner wrote:

I know you may or may not be a linux professional, but is there a way to not allow a terminal session, but still allow the connection to perform from the gui?
I'm not Linux professional, but I hope following link can help you:
- How do I allow a user to use scp or sftp, but not allow regular ssh (i.e. forbid getting a shell or running other programs)? (<invalid hyperlink removed by admin>)

Reply with quote

Advertisement

Johan
Guest

russell_zauner wrote:

I know you may or may not be a linux professional, but is there a way to not allow a terminal session, but still allow the connection to perform from the gui?

There is also a shell called scponly, that can be used: <invalid hyperlink removed by admin>

regards,
Johan

Reply with quote

Advertisement

You can post new topics in this forum