similar to: Restricted SFTP

I am considering allowing (relitivly) untrusted local users onto my fileserver, so they can use SFTP to access their home directories. I have a custom shell, (a taint-mode enabled perl script) that allows users to change their password, which I have modifed to only allow a '-c' command for the sftp-server. I have also disabled TCP port forwarding. However, some reading of the OpenSSH

A question on the cutting edge sftp client in OpenSSH 2.5.1p1-1: Is there a standard set of commands for sftp clients? I was hoping to use sftp as a drop in replacement for some simple FTP transfer scripts. In particular, the ftp client allows specifying the password in the "user" command: user <account> <password> The scripts use here documents to perform the transfers.

Hello, I want to know are there any plans on the sftp client (not server) improvents? Previously I was using ssh-2.4 packages (non-commercial) and they have Fantastic sftp client. And when I've moved to openssh I found that openssh sftp client functionality is more poor then ordinary ftp client have! Here is some of the features I think, developers must concentrate on: 1. Include

I have been studing the OpenSSH code, and am looking to use it in an envriornment with untrusted local users. I have some patches to this effect, which I will post to the list in due course. In any case, I would like all users who sucessfully authenitcate to leave their mark in the system logs, in particular utmp and wtmp. As these logs mean didily-squat without unique terminal names (and

--- ../openssh/sftp-client.c Fri Feb 9 08:44:24 2001 +++ sftp-client.c Fri Feb 9 19:14:01 2001 @@ -331,7 +331,7 @@ error("Couldn't read directory: %s", fx2txt(status)); do_close(fd_in, fd_out, handle, handle_len); - return(NULL); + return(0); } } else if (type != SSH2_FXP_NAME) fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",

Hello all, Just tested sftp for the first time. Looks neat, thanks for the work :-) However, there's still some stuff to be done before ftp can be thrown into the garbage bin and never taken out again, for example: - file name globbing with e.g. 'get' - tab completion with get etc. - ability to pass parameters to 'ls', e.g. 'ls -t' (I'm not sure if the

Sorry guys, I am not meant to write to this list disturbing developers with a silly end user question, but this a matter of huge importance for me. I am running ssh-server on RedHat 6.1. Before we introduced ssh we had a couple of ftponly accounts for people downloading data from our university database. It appears that they cannot access ftponly account from any windows sftp clients. However it

As I read the manpage, you need to enable Subsystems to have the server support them. [...] Subsystem Configures an external subsystem (e.g., file transfer daemon). Arguments should be a subsystem name and a command to execute up? on subsystem request. The command sftp-server(8) implements the ``sftp'' file transfer

Yo All! openssh-SNAP-20010209.tar.gz fails to compile on Slackware. Patch at the end of this message. Here is the error: gcc -o sftp sftp.o sftp-client.o sftp-common.o sftp-int.o log-client.o -L. -Lopenbsd-compat/ -L/usr/local/ssl/lib -L/usr/local/ssl -lssh -lopenbsd-compat -lcrypt -lz -lnsl -lutil -lcrypto -lwrap openbsd-compat//libopenbsd-compat.a(bsd-arc4random.o): In function

>Is there a simple way to achieve this behavior? Is there a document on >the sftp protocol somewhere? http://search.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt -- Darren J Moffat

Can a Solaris person take a look at this? -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer ---------- Forwarded message ---------- Date: Wed, 28 Feb 2001 12:33:48 +0200 From: owner-ssh at clinet.fi To: ssh at clinet.fi Subject: make 2.5.1p1 on Solaris8 Trying to build

Damien, I was going down the path of public key authentication when I encountered problems. I've been discussing it off-line using the simple example of creating a key pair with no passphrase for an account on "myserver", then trying to connect to myserver using the "ssh -i id_dsa myserver" command. It's not working, so we're debugging now (see below). If you

Damien, Reading the various articles about https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt have caused me to question the wisdom of using scp. Your observation: > Date: Tue, 22 Jan 2019 13:48:34 +1100 (AEDT) > From: Damien Miller <djm at mindrot.org> > Subject: Re: Status of SCP vulnerability > > "Don't use scp with untrusted

As of Sunday evening, OpenSSH has an interactive sftp client. It should be in the more recent snapshots. It would be appreciated if you could test new client and find all the bugs :) Please also have a read of the manpage and ensure that it matches what is implemented. I am working on fixing the ones that I know about, so please try to stay up to date with the snapshots. Thanks, Damien

It would be nice if the CVS source had a .cvsignore file in the main dir with the following items: ssh scp sshd ssh-add ssh-keygen ssh-keyscan ssh-agent sftp-server sftp configure config.h.in config.h config.status Makefile ssh_prng_cmds *.out Plus a .cvsignore file in openbsd-compat that ignored "Makefile". ..wayne..

Hi, I'm writing a c++ wrapper around ssh for KDE, mainly for use in a sftp client. My problem is when starting ssh with the sftp subsystem openssh gives no indication that password authentication succeeded. This makes it difficult for my wrapper to determine if the connection succeeded. Now determining it didn't succeed can be done by checking for another password prompt. The

Hello, This patch makes it possible to restrict sftp sessions to a certain subtree of the file system on a per-Unix account basis. It requires a program such as rssh or scponly to function. A patch for rssh is also attached to this email. The method employed uses realpath() and a string comparison to check that each file or directory access is allowed. With this patch, sftp-server takes a

I was browsing the OpenSSH sources (which are very readable, thankyou very much) and noticed that PAM was only being told what host the user is logging in from for account processing - not for password processing. As I can see no reason not to put this in start_pam this is exactly what I have done - and attached a patch to this effect. This allows PAM to fill in rhost= in its audit messages

Hello. These patches add a new mode of operation for the sftp server. It is located between the ordinary, unrestricted mode and read-only mode. It allows you to add files to the server, but only if these files do not exist on the server before. Changes to existing files - are prohibited. Please review them, maybe these patches will be useful not only to me. Thank you. -------------- next part

Hi, I wonder if sftp-server could encrypt files before writing to disc. This would make sshd a poor man's alternative for an encrypting filesystem on a server. How to get the crypto key from a client to be used by sftp-server? Upload the key to a /well/defined/key.pem virtual location? Or can you access the ssh client certificate from sftp-server? Can sftp-server call a filter? Or would one