similar to: SCP logging and file validation

Hello List, I'am using the ForceCommand in my sshd configuration to log all the user actions on my device. ForceCommand /usr/bin/log-session.sh The Log Session Script itself is working fine for logging. But now I want also use SCP to copy files and this won't work together with the ForceCommand above. The copied file is created but its zero byte on the target. scp file.tar.gz

Hi all, Looking around for a way to turn on server side logging of files transferred via sftp/scp, these kept-up-to-date patches cropped up: For SFTP http://sftplogging.sourceforge.net For SCP http://sweb.cz/v_t_m/ (near the bottom) Would someone from the OpenSSH team have time/inclination enough to look at adding these to OpenSSH itself? Regards and best wishes, Justin Clift Unix

I almost never use bare 'scp' or 'sftp' anymore; I start with either 'rsync' or, if 'rsync' is not present and not installable on one end or the other, the "tar-over-bare-ssh" approach: ``` tar cf - localpath | ssh remote.host 'cd remotepath && tar xvf -' ``` I'd be in favor of one of the following: 1. 'scp' goes away, and

Hi, as much people in the past i'm looking for a way to "syslog" the files people copy to and from our sshd via scp. Unfortunatly SFTP/FTP-over-SSH2 are not an option. The people using the scp-access are configured for an scp-only-shell ( http://www.sublimation.org/scponly/). We use OpenSSH-2.9p1 in a chrooted-environment for content-deployment, therefore we need to log every file

https://bugzilla.mindrot.org/show_bug.cgi?id=1652 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED CC| |djm

I am basing a patch off of the sftplogging project on sourceforge to add support for mysql logging for both sftp/scp. I have mysql compiled in successfully and logging fine on connects/quits but my issue is sending a file.. it does the reading from the sockets in this function i take it static void process_read(void) { Now it does that for each chunk that it gets over the socket from what i can

Hi, I was thinking about the difficulties and complexities of using chroot in scp or sftp-server, in order to limit the user in which files they can access. I've seen a lot of arguments about how it is pointless to try and secure scp or sftp (also from a logging perspective) because if we allow SSH access, the user can simply provide their own scp or sftp binary, that does not do the

scp may be an ugly protocol, but it works, works nicely from a command line, and is quite convenient. FTP (and, presumably, sftp) is not nearly as convenient. Why do you think your recommendation to "use sftp instead" keeps falling on the deaf ear? Usability, perhaps? Perhaps it's time to stop preaching to people about what they should use, but instead - if you really want a change

Hi, On Thu, Jan 24, 2019 at 08:26:39PM +0000, Colin Watson wrote: > On Thu, Jan 24, 2019 at 12:00:48PM -0800, Jim Knoble wrote: > > 3. 'scp' stays, but becomes the CLI for SFTP, and the SCP protocol breaks. > > Why does "scp becomes the CLI for SFTP" necessitate "the SCP protocol > breaks"? The way scp works today is "run ssh to the remote,

Hi, sorry about bothering you like this but despite several tries my recent posts to ssh at clinet.fi never appear on that list, and I don't know where else to turn. I was unable to get sftp/scp to work when using OpenSSH 2.3.0p1. No one could solve this problem and evenutally I was told to try "a recent snapshot". Now I've installed 2.5.1p1, but still no cigarr :(. I have

On Tue, 2020-06-23 at 08:06 +0200, Markus Friedl wrote: > I had something in mind like this for years, but with slightly > different steps: > My naive approach would be to keep the scp user interface and switch > to the sftp protocol internally. We could add a -M [scp|sftp] option > to scp and select the internal protocol. Later we switch the default > from scp to sftp. > No

Hello all, I've taken a brief skim of the archives available on theaimsgroup and talked to some others regarding the ideas on chroot SSH/SFTP/SCP functionality. I've also investigated a few of the various patches out for chroot sftp|scp|ssh and am a bit of a loss at finding 'an elegant solution' to the problem. Bearing in mind the excellent starting ground of John Furman's

I have not been able to get scp(1) to download a file with a newline in its name. I know that scp(1) requires that remote filenames be escaped for the shell, but that leads to protocol errors. I am also unable to get sftp(1) to handle such files. It fails with an ?unterminated quoted argument? error, no matter how I try to quote the newline. Furthermore, the SFTP CLI is not well-suited to

I worked on a proposal like this a few years back (including proof of concept code).? I taught sftp to have an scp personality (closer to scp2 than scp), and it was rejected by the higher ups.? It may have been the dual-personality issue, but I know the scp2 concept was also rejected at the time as it was stated there should be one transfer tool. But the only way to drag scp into this century

On Thu, 2019-01-24 at 12:27 -0600, Ben Lindstrom wrote: > I know it isn't a "UI replacement" but it at least provides a more > complete UI for phasing people off of scp. I don't think this is an ideal solution... OpenSSH should be "overall" secure (that's what it's meant for), and especially not be a collection of tools/algos/etc. of which some(!) are

On Fri, 8 Dec 2023 at 07:39, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote: [...] > Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break. > Is there a workaround to allow scp/sftp to continue to work even for non-shell accounts? sftp should work regardless of the user's shell since it is invoked as a ssh subsystem

Hi, my goal: sftp/scp only access, without the need for linux users. I want to provide 10 sftp/scp directories to 10 people. Let's call this "virtual account" I don't want to create linux users for each of them. I would like to create one linux user (backup_user). In his home-directory will be 10 directories. For each "virtual account" one directory. Every

Why does the local scp determine what characters are valid in a remote host userid? A friend of mine just had his ISP convert him to using a userid of the form 'user#isp-acct' (eg, "ssh -l 'joe#foo.org' foo.org" is used to login). The OpenSSH ssh and sftp commands both allow this form of userid. However, it seems that scp has its very own idea of what characters are

On 2020/08/05 16:17, raf wrote: > The problem is when, for example, you only have > scp/sftp access to a remote server, such as your bank, > and you use WinSCP to transfer transaction files to > them to be actioned (people do this where I work), and > the bank hasn't properly protected themselves from this > "vulnerability". I really hope all banks do take this >

On Jan 24 03:47, Malcolm wrote: > Quoting Chris High <highc at us.ibm.com>: > > > caught my eye. Do you see any 'advantage' to using sftp with an untrusted > > server? If so, any thoughts about making an easy way to disable scp both > > client and server side when doing an installation? > > SFTP allows file resume, while scp does not. If this