it possible to prevent users from copying

[rocky123]

With a Linux servers and OpenSSH,These days copyright are a big concern is it possible to prevent web users from copying those files using "scp" while still allowing shell access with an "ssh"?

[shane10]

When i got such kind of issue I realize that the 'ssh $server "cat file" ' type file accesses which are much much harder to prevent, but I need to see about stopping "scp" for starters.
Failing that, is there a way to reliably log all SCP access on the server side through syslog?

[LEE]

Quote:

Originally Posted by rocky123

With a Linux servers and OpenSSH,These days copyright are a big concern is it possible to prevent web users from copying those files using "scp" while still allowing shell access with an "ssh"?

Quote:

Originally Posted by shane10

When i got such kind of issue I realize that the 'ssh $server "cat file" ' type file accesses which are much much harder to prevent, but I need to see about stopping "scp" for starters.
Failing that, is there a way to reliably log all SCP access on the server side through syslog?

While you could edit your /etc/ssh/sshd_config to look something like this:

Quote:

ForceCommand /bin/sh
PermitOpen 0.0.0.0
AllowTcpForwarding no
PermitTunnel no
# Subsystem sftp /usr/lib/openssh/sftp-server
PermitUserEnvironment no

Rather than determine what the user is likely to use it for. Because if there are only a few commands that you want them to have access to, I would instead remove the ability for them to even invoke a normal ssh shell.

Quote:

AllowUsers root
PermitRootLogin forced-commands-only
PermitUserEnvironment no
AllowTcpForwarding no
PermitTunnel no

# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem smb-reload /usr/bin/smbcontrol smbd reload-config
Subsystem status /opt/local/bin/status.sh

Quote:

ssh root@example -s smb-reload

If the administrator find that, it really do need to be run on a normal shell, the most you really can hope for, is to slow them down, and make it more difficult.