similar to: Limiting an authorized key to scp access

Hi. It would be of utmost utility if there were a way to cause the sshd "banner" configuration setting to only print the banner in certain circumstances. What I'm actually after is avoiding printing out the banner for non-interactive sessions, so that if I run "ssh somehost ls" I don't get the login banner, but if I just type "ssh somehost" I do (at

https://bugzilla.mindrot.org/show_bug.cgi?id=1687 Summary: scp/sftp is not working when using key based (authorized_keys2) authentication Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp

https://bugzilla.mindrot.org/show_bug.cgi?id=1172 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX CC|

I am supporting a site that allows members to upload release files. I have inherited this site which was previously existing. The goal is to allow members to file transfer to and from their project area for release distribution but not to allow general shell access and not to allow access to other parts of the system. Currently rsync and old scp has been restricted using a restricted shell

I almost never use bare 'scp' or 'sftp' anymore; I start with either 'rsync' or, if 'rsync' is not present and not installable on one end or the other, the "tar-over-bare-ssh" approach: ``` tar cf - localpath | ssh remote.host 'cd remotepath && tar xvf -' ``` I'd be in favor of one of the following: 1. 'scp' goes away, and

Hi, I was thinking about the difficulties and complexities of using chroot in scp or sftp-server, in order to limit the user in which files they can access. I've seen a lot of arguments about how it is pointless to try and secure scp or sftp (also from a logging perspective) because if we allow SSH access, the user can simply provide their own scp or sftp binary, that does not do the

scp may be an ugly protocol, but it works, works nicely from a command line, and is quite convenient. FTP (and, presumably, sftp) is not nearly as convenient. Why do you think your recommendation to "use sftp instead" keeps falling on the deaf ear? Usability, perhaps? Perhaps it's time to stop preaching to people about what they should use, but instead - if you really want a change

Hi, On Thu, Jan 24, 2019 at 08:26:39PM +0000, Colin Watson wrote: > On Thu, Jan 24, 2019 at 12:00:48PM -0800, Jim Knoble wrote: > > 3. 'scp' stays, but becomes the CLI for SFTP, and the SCP protocol breaks. > > Why does "scp becomes the CLI for SFTP" necessitate "the SCP protocol > breaks"? The way scp works today is "run ssh to the remote,

On Tue, 2020-06-23 at 08:06 +0200, Markus Friedl wrote: > I had something in mind like this for years, but with slightly > different steps: > My naive approach would be to keep the scp user interface and switch > to the sftp protocol internally. We could add a -M [scp|sftp] option > to scp and select the internal protocol. Later we switch the default > from scp to sftp. > No

Hello all, I've taken a brief skim of the archives available on theaimsgroup and talked to some others regarding the ideas on chroot SSH/SFTP/SCP functionality. I've also investigated a few of the various patches out for chroot sftp|scp|ssh and am a bit of a loss at finding 'an elegant solution' to the problem. Bearing in mind the excellent starting ground of John Furman's

Why does the local scp determine what characters are valid in a remote host userid? A friend of mine just had his ISP convert him to using a userid of the form 'user#isp-acct' (eg, "ssh -l 'joe#foo.org' foo.org" is used to login). The OpenSSH ssh and sftp commands both allow this form of userid. However, it seems that scp has its very own idea of what characters are

I have not been able to get scp(1) to download a file with a newline in its name. I know that scp(1) requires that remote filenames be escaped for the shell, but that leads to protocol errors. I am also unable to get sftp(1) to handle such files. It fails with an ?unterminated quoted argument? error, no matter how I try to quote the newline. Furthermore, the SFTP CLI is not well-suited to

I worked on a proposal like this a few years back (including proof of concept code).? I taught sftp to have an scp personality (closer to scp2 than scp), and it was rejected by the higher ups.? It may have been the dual-personality issue, but I know the scp2 concept was also rejected at the time as it was stated there should be one transfer tool. But the only way to drag scp into this century

Hi. I was wondering a couple things relating to PAM authentication: 1. I found that expired passwords caused authentication failure, rather than the expected behaviour of forcing a paswword change. After perusing the auth-pam.c file (as it appears in openssh-3.4p1), I found that the reason is that the case for the relevant return value (PAM_AUTHTOKEN_REQD) from pam_acct_mgmt is wrapped

Hello, I have a file server that serves files over rsync and scp (all over ssh - in fact, ssh is the only service listening) I would like to limit each user to no more than X concurrent ssh sessions (regardless of what they are doing (interactive login, scp, rsync, etc.)) I have read the documentation and man pages and it looks like I need to set this in /etc/pam.d/sshd, but I don't know

Hi, I have been looking for info in the mail archive, but I haven't found anything about this: is there any way to select which keys are authorized to use de sftp subsystem and which ones not? It means, if I include the sftp-server subsystem in the sshd configuration file, it is available to everyone, isn't? Thanks in advance for your time! -- Best regards, C?sar

On Fri, 8 Dec 2023 at 07:39, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote: [...] > Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break. > Is there a workaround to allow scp/sftp to continue to work even for non-shell accounts? sftp should work regardless of the user's shell since it is invoked as a ssh subsystem

On Sun, 2 Feb 2025, Jochen Bern wrote: > On 01.02.25 22:30, Christoph Groth wrote: > > An --interactive option that behaves just like the one in cp would solve > > the issue for me. I would happily alias scp to scp --interactive. Is > > there any technical or other reason why scp does not have such an option > > or something similar? > > Seeing that (the PUT

Hi, my goal: sftp/scp only access, without the need for linux users. I want to provide 10 sftp/scp directories to 10 people. Let's call this "virtual account" I don't want to create linux users for each of them. I would like to create one linux user (backup_user). In his home-directory will be 10 directories. For each "virtual account" one directory. Every

On 2020/08/05 16:17, raf wrote: > The problem is when, for example, you only have > scp/sftp access to a remote server, such as your bank, > and you use WinSCP to transfer transaction files to > them to be actioned (people do this where I work), and > the bank hasn't properly protected themselves from this > "vulnerability". I really hope all banks do take this >