0

I have sensitive data on a server that can only be accessed remotely. I want to give a student access to the server to play with the data, but I do not want the to be able to send the data off the computer in any way. For example, the should not be able to take any data and ftp it out, not should they be able to scp it from the computer they use to log on to the server. Question 1: What approach do you recommend for this use case?

I am aware of similar questions but cannot tell if they apply to this situation since I want to allow inbound access but not outbound traffic. Question 2: Do I also need to disable commands like rsync and scp for the user? This answer sounds like my desired est up is not possible.

Not sure it matters, but I'm running Ubuntu 16.04.

Improve this question

1 Answer 1

Reset to default
2

What you want is not possible. Worst case, screenshots. Second case, run this on the client:

script ssh user@secureServer ... login as usual ... cat secretFile exit

The data will now be in the file typescript on the calling client.

Your best approach would be the equivalent of a Non Disclosure Agreement (i.e. procedural rather than technical).

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.