
How to Limit SSH Users to RSYNC and SCP using RSSH

This article shows how to limit users SSH'ing into your system to just rsync and/or SCP. We're using CentOS 6 for this demo. For example, suppose you want to allow users (or a script on a remote system) to SCP or rsync files to and from a server, but you don't want them to be able to log in and run commands on the server. This is where RSSH comes in: rssh is a restricted login shell that only lets the session run the file-transfer commands you enable and rejects everything else, including interactive logins.

First install RSSH using yum (the package is in the EPEL repository, so enable EPEL first if yum cannot find it):

yum install rssh

Or, if you already have a packaged RPM, install it directly:

yum localinstall http://rpm.centoshelp.org/el7/rpms/rssh-2.3.4-6.el7.centos.opsec.x86_64.rpm

Open the “/etc/rssh.conf” file for editing. Notice the following 4 lines:

  9 #allowscp
 10 #allowsftp
 11 #allowcvs
 12 #allowrdist
 13 #allowrsync

Uncomment only the lines for the protocols you actually need; every option you leave commented out stays blocked. For instance, to permit SCP and rsync, uncomment lines 9 and 13 and leave the rest alone. Save the file. The same file also accepts per-user "user=" lines that override these global settings for a single account; the comments in rssh.conf describe the format.

Now you have a new shell located (for me) at "/usr/bin/rssh". Confirm the path with "rpm -ql rssh" and check that it is listed in "/etc/shells", since chsh refuses shells that are not listed there. You could edit the "/etc/passwd" file by hand and change a user's "/bin/bash" shell field to "/usr/bin/rssh", but the usermod command shown further down is the safer way to make the same change.

Warning! Don't test this with your own account, or with the only account that can administer the box. Keep a second root session open and test with a separate "test" account first. Once the test account is switched, "ssh testuser324@server" should be refused with a message saying the account is restricted by rssh, while "scp" and "rsync" to and from the server still work.

From this:

testuser324:x:22447:22449::/home/testuser324:/bin/bash

To this:

testuser324:x:22447:22449::/home/testuser324:/usr/bin/rssh

You can do this with “usermod” and “useradd” as in the following examples:

usermod -s /usr/bin/rssh testuser324

Finally, make sure the user is in the "rsshusers" group, which the rssh package creates; rssh will not work for accounts outside it. Read on for ways you can do this.

Create a new user, add that user to the right group and set their shell:

useradd -s /usr/bin/rssh -G rsshusers testuser324

Modify an existing user, set their group membership and set their shell. Get their current group membership first, because "usermod -G" replaces the whole supplementary group list: any group you leave out is silently removed. (On CentOS 6 you can instead use "usermod -a -G rsshusers testuser324", which appends the group without needing to list the existing ones.)

groups testuser324
testuser324 : testuser324 finance sales
usermod -s /usr/bin/rssh -G testuser324,finance,sales,rsshusers testuser324
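The following script ties the steps above together and adds the checks a careful admin would want before and after the change. It is an added example and not code from the original article or from the rssh project; it assumes the shell path /usr/bin/rssh and the group name rsshusers from the article, and the user name testuser324 is hypothetical. The helper functions are pure (they only parse text) so they can be exercised without root; only restrict_user actually calls usermod, and it prints the command instead when DRY_RUN=1.

```shell
#!/bin/bash
# Added example: restrict an existing account to rssh, with sanity checks.
# Assumptions (from the article): rssh lives at /usr/bin/rssh and the
# package's group is rsshusers. The user name passed in is hypothetical.

RSSH_SHELL=${RSSH_SHELL:-/usr/bin/rssh}
RSSH_GROUP=${RSSH_GROUP:-rsshusers}

# Build the comma-separated list for "usermod -G" from one line of
# `groups USER` output ("user : g1 g2 ..."), appending RSSH_GROUP exactly
# once. usermod -G replaces the whole list, so every existing group must
# be carried over or the user silently loses it.
rssh_group_arg() {
    local line=$1 list g out=
    list=${line#*: }                 # drop the leading "user : "
    for g in $list; do
        [ "$g" = "$RSSH_GROUP" ] && continue   # avoid a duplicate entry
        out=${out:+$out,}$g
    done
    printf '%s' "${out:+$out,}$RSSH_GROUP"
}

# Return 0 if the shell field of a passwd-format line is the rssh shell.
passwd_line_uses_rssh() {
    local shell=${1##*:}             # the last colon-separated field
    [ "$shell" = "$RSSH_SHELL" ]
}

# Return 0 if the rssh shell is registered in the given shells file
# (normally /etc/shells); chsh refuses shells that are not listed there.
rssh_in_shells_file() {
    grep -qx "$RSSH_SHELL" "$1"
}

# Switch the account to rssh and append the rsshusers group. With DRY_RUN=1
# the usermod command is printed instead of executed.
restrict_user() {
    local user=$1
    if ! rssh_in_shells_file /etc/shells 2>/dev/null; then
        echo "warning: $RSSH_SHELL is not listed in /etc/shells" >&2
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "usermod -s $RSSH_SHELL -a -G $RSSH_GROUP $user"
    else
        usermod -s "$RSSH_SHELL" -a -G "$RSSH_GROUP" "$user"
    fi
}

# Verify after the change: shell set and group present. Returns non-zero
# (with a message) if either check fails.
verify_restriction() {
    local user=$1 ok=0
    passwd_line_uses_rssh "$(getent passwd "$user")" \
        || { echo "$user: shell is not $RSSH_SHELL" >&2; ok=1; }
    id -nG "$user" | tr ' ' '\n' | grep -qx "$RSSH_GROUP" \
        || { echo "$user: not in group $RSSH_GROUP" >&2; ok=1; }
    return $ok
}

# Usage: DRY_RUN=1 ./restrict.sh testuser324   (print the command only)
#        ./restrict.sh testuser324              (apply and verify, as root)
if [ $# -gt 0 ]; then
    restrict_user "$1"
    [ "${DRY_RUN:-0}" = 1 ] || verify_restriction "$1"
fi
```

After running it for real, confirm from another machine that an interactive "ssh testuser324@server" is refused with rssh's restricted-account message while "scp" and "rsync" still succeed; that end-to-end check is the one that matters, since a user who is in the group but kept /bin/bash, or vice versa, is not restricted at all.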
