Set up a secure file transfer account with rssh

If you need to give users secure file transfer access to a server without giving them shell access as well, rssh in combination with OpenSSH can provide the tools you need.

Years ago, a popular pastime amongst personal computer hackers was to trade files using an FTP server. Such servers were maintained by especially dedicated hackers who put in the time and effort to maintain them for their "customers". FTP servers offered a more "serious" use as well; a way for a person or organization to make downloads available to the general public, by way of "anonymous" FTP servers where arbitrary users can download but not upload files. Running these servers was relatively easy, at first: the File Transfer Protocol did all the work.

Many FTP servers are still in operation around the world. Open source operating system projects often maintain FTP servers where users can download ISO images of installation CDs, then burn them to CD-R. FTP servers are also used to provide access for the software management systems used by BSD Unix and Linux-based operating systems. There is still a Library of Congress Public FTP Site loaded with information about projects and archives at the United States Library of Congress, including information about copyright policy and legislation in Congress.

Over time, security became an issue for FTP servers that required user login. The most obvious problem with FTP security is a complete lack of encryption in the standard protocol. This means that whatever you upload or download can conceivably be read in transit by an attacker, of course. The worst part of that is the fact that even logins are transmitted in plain text, which means that attacker can "sniff" passwords and use them to gain access.

Over the years, a number of solutions for this problem have appeared. One that is common for MS Windows users is FTPS, which uses TLS to encrypt your connections, just like Websites that use the https: URI scheme. Unfortunately, setting up an FTPS server means setting up public key infrastructure for TLS on your server as well, which is often a very big job, and can cost a fair bit of money in the long run if you want your certificate signed by one of the widely-accepted Certificate Authorities.

An easier and cheaper approach for administrators of Unix-like systems is to use SFTP, a part of the standard SSH protocol suite. Specifically, the OpenSSH suite developed in association with the OpenBSD project provides three basic mechanisms for encrypted connections between clients and servers:


This is the basic secure shell connection, which provides remote shell access over an encrypted connection. It was created as a secure replacement for the rsh, or "remote shell", utility -- part of the rlogin package.


This uses SSH encryption to transfer files in a manner similar, from the user's perspective, to the way the cp Unix utility works. It was created as a secure replacement for the rcp, or "remote copy", utiliy -- also part of the rlogin package.


The final major part of the SSH suite was designed as a secure replacement for FTP.

By default, however, SSH protocol suites like OpenSSH are used for remote shell access. This means that default installs of OpenSSH allow anyone with an account on an OpenSSH server to have local shell access as well as SCP and SFTP access. For cases where the system administrator only wants to offer a secure alternative to FTP, shell access is probably a pretty egregious no-no. Luckily, someone recognized a need for restricting SSH access with the OpenSSH suite to a subset of connection mechanisms, and rssh was born.

Major open source Unix-like operating systems that come with OpenSSH installed by default -- such as FreeBSD, NetBSD, OpenBSD, and a plethora of Linux-based systems -- generally make it incredibly easy to install and use rssh for that purpose. Installation on such systems should involve nothing more than using the system's default software management system, possibly via one of its user friendly front ends. For instance, on Debian-based systems, APT should offer access to rssh:

apt-get install rssh

Meanwhile, Portupgrade offers similarly simple installation on FreeBSD:

portinstall rssh

Once installed, configuring a given user account to allow rssh to restrict its remote access is as easy as setting the account's shell to rssh. While BSD Unix and Linux-based systems use different implementations of the chsh command, their use for changing an account's shell is the same:

chsh -s `which rssh` ren

This should result in the account in question being entirely inaccessible using SSH, because default configuration for rssh disallows everything. Ensuring that your rssh.conf file -- which should be located in either /usr/local/etc, /etc, or some similar directory -- contains the following lines will allow SCP and SFTP access for that account:



It is as simple as that.

The rssh tool is distributed under a BSD-style copyfree license.