search for: sftponly

...table OpenSSH Version: 5.3p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sftp-server Assignee: unassigned-bugs at mindrot.org Reporter: rake74 at gmail.com Match Group sftponly ChrootDirectory /cust/ftp/secure/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp -l INFO Match Address *,!10.* Group *,!sftponly ForceCommand echo 'External shell access denied.' These two lines succeed at: 1) when connections ar...

...Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org ReportedBy: giulius at gmail.com Successfully created a chroot sftp user and his structure: nomad:~# grep prova /etc/passwd prova:x:1000:107:,,,:/:/bin/false nomad:~# grep ftponly /etc/group sftponly:x:107: nomad:~# less /usr/local/test_openssh/etc/sshd_config ... Subsystem sftp internal-sftp Match User prova ForceCommand internal-sftp ChrootDirectory /siuvar/chroots/prova/ AllowTcpForwarding no X11Forwarding no ... I already know it is not possible for the user prova to write directl...

I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to setup chroot jails for certain SFTP-only users. I use the following lines in my sshd_config file: Match Group sftponly ChrootDirectory /home/chroot-%u ForceCommand internal-sftp It works great. The problem is that some of my users need umask 002 for their uploads. I tried a few ways to achieve this: * set umask in sshrc, .profile, etc... fails because no shell is used with internal-sftp * set the umask to...

Maybe one of you can help. We have set up a CentOS server so that each user who logs in via sftp will be jailed in their home directory. Here's the relevant sshd_config: # override default of no subsystems Subsystem sftp internal-sftp -f LOCAL2 -l INFO Match Group sftponly ChrootDirectory /home/%u ForceCommand internal-sftp This actually works great, but none of the activities of sftponly group members is getting logged. The man page for sftp-server says: "For logging to work, sftp-server must be able to access /dev/log. Use of sftp-server in...

...P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: devel at sapphirepaw.org Setup: main config file with "Include /etc/ssh/sshd_config.d/*.conf" line as the first active directive. Create /etc/ssh/sshd_config.d/test.conf with: Match Group sftponly ForceCommand internal-sftp ChrootDirectory /sftp Now, assuming a working chroot layout (/sftp owned root:root, /sftp/home/testuser exists, testuser is in group sftponly and their home dir is /home/testuser), run: sshd -C 'user=testuser' -T The ForceCommand and ChrootDirectory are not app...

...t I want except that it leaves the user in the root of the chroot area. I can't make the user's directory the chroot since that is not owned by root. So I added code to allow me to specify the home directory. So, for example, I have the following Match stanza in sshd_config: Match Group sftponly ChrootDirectory /u/ AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp HomeDirectory /%u/ Now the user is dropped into his own home directory under the chroot area. I'm not sure if the name is correct - we don't have to actually specify his home director...

Hello! Please take a look at this problem: 1. at sshd_config: Subsystem sftp internal-sftp Match group sftponly ? ? ? ? ?ChrootDirectory /public ? ? ? ? ?X11Forwarding no ? ? ? ? ?AllowTcpForwarding no ? ? ? ? ?ForceCommand internal-sftp 2. at client's bash: sshfs server:/ /home/kr/krpub-mount -o uid=$(id -u kr) -o gid=$(id -g kr) -o allow_other -o default_permissions -o reconnect -o no_check_root -o...

...l and also no hanging connections... sftp works right now. thanks! --------------------------------------- Protocol 2 PermitRootLogin without-password ChallengeResponseAuthentication=no UsePAM yes X11Forwarding yes PrintMotd no PrintLastLog no Subsystem sftp internal-sftp Match Group sftponly ChrootDirectory %h ForceCommand internal-sftp X11Forwarding no AllowTcpForwarding no --------------------------------------- using OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009 example user: test:x:1012:1009::/home/test:/bin/false maybe a new option: DisconnectOnShel...

...(sftp file control comes to mind) were produced indicates there are other users that would also like more control over file permissions. My solution was to add yet another option to sftp-server/internal-sftp that forces file permissions, so something like the following in sshd_config: Match Group sftponly ChrootDirectory /home/chroot-%u ForceCommand internal-sftp -m 660 Or even globally: Subsystem sftp /usr/local/libexec/sftp-server -m 600 Please see the attached patch. I have only been able to test the changes on RHEL4 and Ubuntu 10.04. I have been running a patched version of 5.6p1 in...

Hello: I got the error EXDEV (Invalid cross-device link) when renaming one file to another directory that is actually mounting another file system. I am using SSH-2.0-OpenSSH_6 with standard SFTP setup as below Subsystem sftp internal-sftp Match group sftponly ChrootDirectory /home/sftp/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp there are two subdirs in a user home subPlain (a plain unix dir) subMounted (a dir that is actually mounting a different file system, or using mount --bind <tar...

...d various Fedora versions from 8, to 11 and 12. Using syslog and rsyslog. Pertinent sshd_config settings: # tried with both lower case and upper case, same (should not matter) Subsystem sftp internal-sftp -f AUTH -l VERBOSE # Example of overriding settings on a per-user basis Match Group sftponly ChrootDirectory %h X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp -f AUTH -l VERBOSE #### >From /etc/rsyslog.conf *.info;mail.none;authpriv.none;cron.none;auth.* /var/log/messages ##### Any suggestions would be helpful and VERY appreciated. N...

...reportlab.com Created attachment 2061 --> https://bugzilla.mindrot.org/attachment.cgi?id=2061 patch to fix the 'bug' The code in match_pattern_list will never return 1 for a pattern with all negated entries. In particular this match line can never succeed Match User !adminguy Group sftponly The problem is that the code at match.c line 157 only tests for negation in the case of successful matching. In this case we want the User test to succeed if the user is not adminguy. That can happen if the code is patched to set get_positive if a failed match is negated. The attached trivial patc...

...ication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes Match group sftponly ForceCommand internal-sftp ChrootDirectory /ftp/scotia ------------------------------------------------- Please a need help beacuse this server is urgent for the enterprise. I don't know what a need to do. Regards.

...ware: amd64 OS: Linux Status: NEW Severity: security Priority: P5 Component: sftp-server Assignee: unassigned-bugs at mindrot.org Reporter: paul at mackinney.net I'm running an openssh server with internal-sftp and an sftponly group whose members can only sftp into a chroot environment. I've specified INFO level logging and added a rule to rsyslog so that I get file level event logging. One client connected and I didn't get any logging for opendir, closedir, open or close events. I did get a reverse mapping erro...

...fied by the client. The numeric permissions following the -m parameter are bounds checked by the same method now used for the -u parameter and can only range from 0 - 0777. Implementation in sshd_config would obviously be something like: ----------------------------------------------- Match Group sftponly ChrootDirectory /home/chroot-%u ForceCommand internal-sftp -m 660 ----------------------------------------------- or ---------------------------------------------------- Subsystem sftp /path/to/sftp-server -m 600 ---------------------------------------------------- I have tested extensi...

https://bugzilla.mindrot.org/show_bug.cgi?id=1750 Summary: Sftp hangs if stderr is used. Product: Portable OpenSSH Version: 5.4p1 Platform: Other OS/Version: All Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at