similar to: sftp-server configuration

Hello everyone, Has there been any thought given to giving the SFTP subsystem better logging capabilities? We are looking to replace FTP, Telnet, and Rexec completely, but our FTP is presently logged and any replacement for it would also need to be logged. Specifically, we need to know about file uploads and downloads, deletions. et cetera. I've added some logging code to sftp-server.c,

Hello Folks, I'm trying to replace an FTP with several hundred users with something secure. My requirements: - transfers must be logged - users should not have any access to other users' directories - users should land in a writable directory - users should be chrooted I've been trying to get this working with OpenSSH and the internal SFTP server, but it does not

Hi, I was thinking about the difficulties and complexities of using chroot in scp or sftp-server, in order to limit the user in which files they can access. I've seen a lot of arguments about how it is pointless to try and secure scp or sftp (also from a logging perspective) because if we allow SSH access, the user can simply provide their own scp or sftp binary, that does not do the

I am currently running OpenSSH 4.3. I would like to restrict the commands SFTP users can run to a list. For example, "put, get, mput, mget, mkdir, rmdir, and rm". Is this possible with OpenSSH? I have seen many posts concerning chroot'ing and the Forced Command option, but none of these solution address restricting the commands actually available inside the SFTP subsystem. Any

Hello, This patch makes it possible to restrict sftp sessions to a certain subtree of the file system on a per-Unix account basis. It requires a program such as rssh or scponly to function. A patch for rssh is also attached to this email. The method employed uses realpath() and a string comparison to check that each file or directory access is allowed. With this patch, sftp-server takes a

HI: I tried to deploy a SFTP server with chroot but when i tried to connnect the client send the next error: Write failed: Broken pipe Couldn't read packet: Connection reset by peer The sshd_conf file is the next: ------------------------------------------------------------------- # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and

Hi everyone I would like to enable unprivileged users to share only certain directories using SFTP without acquiring root, without setting capabilities using public-key-based forced commands. In another use case unprivileged users could write scripts that evaluate "$SSH_ORIGINAL_COMMAND" and then either execute sftp-server in a jail "$SSH_ORIGINAL_COMMAND" after

I need some help: I currently have userids setup under the existing false rooted ftp account setups without shells. I would like to convert them to use OpenSSH sftp. Can I give them restricted shells so they can't cd to other user's directories and only allow them to sftp , and how do I accomplish this ?. Also, can I use the "force" option on the authorized_keys2 file

Hello all, I would like to ask a short question about the configuration capabilities of sshd / sftp-server. I want to limit the number of connections (or instances) to an sftp-server a user can spawn from the same ip address. The reason is that multiple connections overload by box (connection). My first idea was to move control of sftp-server to xinetd. There I could maintain control of such

Hi! I want to set a OpenSSH server which restricts some users to only chrooted SFTP, while others have full/normal ssh, scp and sftp access. Most or all guides on the web say that I should enable the config line "Subsytem sftp internal-sftp" among other things, but I've found out that this only causes non-restricted users to not be able use SFTP at all, only the chrooted users.

Hi, I do tech support for Van Dyke Technologies, and I've run into an interesting problem with the sftp-server under some redhat linux boxes. Two separate customers reported that they were having problems using sftp with SecureFX and OpenSSH. Upon further investigation, the sshd_config file on the redhat box had an incorrect path for the sftp-server in it. The problem is that if the path

Hi folks. We were made aware of a MITRE CVE assignment on OpenSSH for a remote DoS in sftp, described as: The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via

fyi. who is running RH7? i don't. -------------- next part -------------- An embedded message was scrubbed... From: Jason <jason at neocity.com> Subject: SFTP Server For Linux 7 Date: Thu, 11 Jan 2001 19:03:54 -0600 Size: 2121 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010112/52923a41/attachment.mht

Hello, I know this chroot issue has been brought up many times before on this list. I saw that the contribibuted chroot-patch was removed from the contrib directory because it always was out of date. The main reason was of course was that sftp-server has to be run as root to be able to do the chroot() call? Most of you are against chroot (since it isnt in the src) but I believe a lot of users

HI All, I have setup (and it was so easy) using SSH with keys instead of password authentication. I want to turn password authentication off completely. What I dont understand is how SFTP would work them. I dont see any settings in my FTP clients to use SFTP without providing a password. If that is the case, that is fine since the FTP users have no real privileges except to their own web

A question on the cutting edge sftp client in OpenSSH 2.5.1p1-1: Is there a standard set of commands for sftp clients? I was hoping to use sftp as a drop in replacement for some simple FTP transfer scripts. In particular, the ftp client allows specifying the password in the "user" command: user <account> <password> The scripts use here documents to perform the transfers.

Dear Respected One, I am Deepak. I am currently working on SFTP application. I ve downloaded your opnessh 4.5 (latest ve rsion). I want a simple sftp library which I can link to my test application and perform ftp operati ons. Is it possible to seperate sftp out of ssh and form a sftp library ? And also please provide me the APIs in sftp which are similar to login, connect, get, put etc APIs in

I'm using the openssh that comes with Ubuntu 12.04 so thats 5.9p1 I'm trying to debug why i'm getting corrupt bzip2 files when they are transferred using sftp. The corruption doesnt happen on every file. I'm running debug mode on sftp-server, but when doing that i see output like the following for both valid and corrupt files, May 3 18:50:55 ftp-new sftp-server[16955]: debug3:

http://bugzilla.mindrot.org/show_bug.cgi?id=1229 Summary: No way to set default umask for SFTP server Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: Mac OS X Status: NEW Severity: enhancement Priority: P2 Component: sftp-server AssignedTo: bitbucket at mindrot.org

Hi, I need to make a custom code change in sftp-server module to copy the received file outside the chroot-setup. I am trying to chroot repeatedly to get physical root directory and the copy received file to a directory outside chrooted directory. The children processes are owned by the sftp-user and so, sftp child process does not have permission to escape out of chroot. Is there a simple way