similar to: PATCH: sftp-server logging.

Sorry to repost, but I finally have the code on a machine that has diff -u, and I've updated it for 2.9p2. Attached is the unified diff to add logging of SFTP activity to auth.info. If there is a more proper way to contrib patches, please let me know. Cheers, Jason # "Jason A. Dour" <jason at dour.org> http://dour.org/ # Founder / Executive Producer - PJ

Hi, please find a patch against openssh-4.7p1 This patch: 1) Allows for an optional configuration file 2) Allows a user to be restricted to a directory and it's children. Enjoy -- Alain Williams Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information:

This patch adds a readonly mode to scp and sftp_server. This allows clients to only read files from the server, but not to write them. Patch is based on OpenSSH 3.4p1 *** scp.c@@\main\1 Tue Oct 1 17:25:16 2002 --- scp.c Wed Oct 2 06:05:14 2002 *************** *** 122,127 **** --- 122,130 ---- /* This is set to zero if the progressmeter is not desired. */ int showprogress = 1; + /* deny

There are a couple of races in sftp-server as this patch shows: --- sftp-server.c 28 Jan 2003 18:06:53 -0000 1.1.1.2 +++ sftp-server.c 5 Feb 2003 19:19:42 -0000 @@ -832,19 +832,22 @@ process_rename(void) { u_int32_t id; - struct stat st; char *oldpath, *newpath; - int ret, status = SSH2_FX_FAILURE; + int status; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL);

One of the features missing in sftp is the ability to transfer a symlink. This patch adds a new command to sftp which performs this transfer. Note that it uses messages that already exist in the protocol between client and server. This diff is based on OpenSSH 3.4p1. *** sftp-client.c@@\main\1 Tue Oct 1 17:26:20 2002 --- sftp-client.c Wed Oct 23 15:57:34 2002 *************** *** 666,672 ****

The get_handle function can return a negative value. The variable that value is assigned to is eventually passed to handle_close which uses the value as an array index thus not being able to handle negative values. This patch adds the return code check and provides an appropriate error exit in the event of a negative return code. This entire set of patches passed the regression tests on my

This is needed to be able to support a rename() operation conforming to POSIX in the SSH filesystem. With the rename operation defined in the SFTP spec, this is impossible, since in case the target exists it's not possible to perform the rename+unlink atomically. Miklos Index: ssh/sftp-server.c =================================================================== --- ssh.orig/sftp-server.c

Here's a patch that adds support for the creation of hard links over SFTP. Hard links are not used very often nowdays, but they do still have their uses and this is currently the most often requested improvement for SSHFS. To detect hard links the st_nlink, st_dev and st_ino attributes are usually used. I'll also post patches adding extensions for these and other attributes. Please

Hi everyone I would like to enable unprivileged users to share only certain directories using SFTP without acquiring root, without setting capabilities using public-key-based forced commands. In another use case unprivileged users could write scripts that evaluate "$SSH_ORIGINAL_COMMAND" and then either execute sftp-server in a jail "$SSH_ORIGINAL_COMMAND" after

Hi, Thanks a lot for this great software :) I'm trying to do something to secure my server. I need to disable removing file or removing directory using SFTP. In other words, the user can only write, move but not delete the file. This will be used to store logs so, I need to make sure once the logs written to my server the user cannot remove it. I tried doing this by changing the code of

Hello, Couple of days ago, I received a request from a customer. He wants to provide sftp users access to a directory tree containing files. The users must have full rights, but he also wants to avoid moving or deleting directories. This is mostly to prevent mistakenly drag and drop from user's graphical client (Filezilla). Said differently, he wants to protect the directories organization.

And while we are at it, can you please comment on these patches as well, originally submitted around one year ago. Oh, and I think we can agree, that the secsh-filexfer standardization is dead, so there's not much point in trying to support newer protocol versions, which don't have statfs anyway. Thanks, Miklos ----- This is needed to be able to support statfs operation on an SSH

Hi, I've already discussed this issue in SSHSCI's SSH 2.2 context on ssh at clinet.fi list. My standpoint is that it's wrong and meaningless to perform chown in sftp-server as the file is most likely copied between systems with distinct accounting system where user is not necessarily (and even unlikely) has same numeric user id. The original bug report was that user couldn't

Hello everyone, Has there been any thought given to giving the SFTP subsystem better logging capabilities? We are looking to replace FTP, Telnet, and Rexec completely, but our FTP is presently logged and any replacement for it would also need to be logged. Specifically, we need to know about file uploads and downloads, deletions. et cetera. I've added some logging code to sftp-server.c,

I'd like to propose the following extensions to the SFTP protocol. - statvfs operation - atomic rename (just plain POSIX rename() without the existence check) These are the most requested features in SSHFS, which need support in sftp-server too. They could be added to the current protocol with the SSH_FXP_EXTENDED message type. Here's a patch implementing the statvfs operation. It

This is needed to be able to support statfs operation on an SSH filesystem (http://fuse.sourceforge.net/sshfs.html). It uses and sends only those fields of struct statfs which are common with struct statvfs as defined by POSIX, and which are shared among most UNIX-like systems. The SSH_FXP_EXTENDED message type is used, so this change is backward compatible and conforms to the protocol

Sftp fails to correctly preserve permissions when fetching a file. It adds write permission for the owner (presumably so it can write the file). Sftp also fails to preserve the uid/gid. Added code so that if is running as root, uid and gid are preserved. patch is based on Openssh 3.4p1. *** sftp-client.c@@\main\1 Tue Oct 1 17:26:20 2002 --- sftp-client.c Tue Nov 5 10:22:52 2002

Hi, I submitted this a few weeks ago but here it is again since I got no response. If there is somewhere else I should send this, please tell me. This patch implements SSH2_FXF_APPEND in the sftp server. It is a fairly trivial patch and applies against the proper OpenSSH and the Portable edition. I would argue that it is important for OpenSSH to implement SSH2_FXF_APPEND since it is in the

I'm working on setting up a semi-trusted sftp service, and to get it working, I need chroot capability. I've taken the /./ wuftpd magic token code from contrib/chroot.diff and put it into the sftp server. The main problem is that privileges have been dropped by the time the subsystem is exec'ed, so my patch requires that sftp-server be setuid root. Not ideal, I know, but I drop all

This patch adds all the missing commonly used UNIX attributes: st_dev, st_ino, st_nlink, st_rdev, st_blocks, st_blksize, st_ctime. In addition it extends st_atime and st_mtime to 64bits, and adds nanosecond resolution to all three timestamps. This is implemented as an extension to the ATTR message. This patch alone is sufficient for SSHFS to be able to use these attributes. The following two