Yesterday, I had setup Paradox database using DOSEMU on Linux, for a client. On Putty, the Paradox interface showed garbled making it unusable for the client. My instant suspect was DOSEMU. A quick check revealed that it’s happening with other apps too - those with a ncurses or text based user interface.For example: The garbled text, around the borders of UI elements, showed in ntsysv (as shown in the screenshots). ntsysv is a nifty console app, found in RedHat/CentOS/Fedora Linux, to start services during boot up.

The Solution
Launch Putty. On the Category pane (on the left), click on Windows>Translation. For the dropdown labeled “Received data assumed to be in which character set”, select UTF-8. To save this setting, click on Sessions (in the Category pane). On the right pane, select “Default Settings” and click on the button labeled Save. This is what worked for me with Putty version 0.60.

So given a choice, SCP/SFTP is a better option in terms of “security”. But enabling SFTP/SCP enables, by default, shell access too. Recently for one of my clients, the requirement was to use SCP instead of FTP while blocking shell access so that no user is able to login, in curiosity, nor could execute any program/script on the server, even by mistake. All they could do is to copy files across – from their desktop to the server and vice versa.  But, I could not find anything in  SSH configuration that barred SSH, while still allowing SCP.

The solution lied outside SSH and was trivial. It is called scponly. scponly is a shell program, just like Bash, Ksh which barrs shell access via SSH. I had CentOS 5.2 running on the client’s server. scponly RPM was not available from the CentOS repositories. I then setup the RPMForge repository as follows:

rpm -ivh http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Note that the above setup is specific to CentOS 5. Subsequently, I installed scponly as:

yum install scponly

Next, the shell of all the users, who are barred SSH access, must be set to /usr/bin/scponly. For existing users there are two ways to do it:

Method 1: Using usermod (Recommended)
Login as root and issue the following command:

usermod –shell /usr/bin/scponly <username>

Substitue <username> with the name of the user who will be barred shell access

Method 2: Edit /etc/passwd
Login as root and open the file named passwd, found in /etc directory, in a text editor. The file contains entry for each user on a seperate line along with their shell name. For example:

<username>:x:506:508::/home/<username>:/bin/bash

Replace /bin/bash with /usr/bin/scponly. Save the file. This will change the shell of the user named <username> to scponly.

For new users
For new users you can set the shell to scponly while creating the user via useradd command:

useradd –shell /usr/bin/scponly <username>

Once done, when one (who is barred the shell access) tries to SSH, he/she will be able to proceed upto the point of the password prompt. At the prompt, even after supplying a correct password, he/she will not be dropped into a shell. In fact it will appear as if the SSH login has hung – no errors, no access denied messages.