similar to: read only sftp access

Guys, There was some discussion a while ago on this list about making SFTP connections for users that don't have a "valid" shell. The solution i saw on the list was to use sftp-server as a shell. Now, that's fine and it seems to work. However, i would like to provide SFTP access to users with arbitrary shells, no matter if the shell exits immediately (/bin/false) or not (some

http://bugzilla.mindrot.org/show_bug.cgi?id=742 mouring at eviladmin.org changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Summary|sftp doesn't honor "Protocol|Allow sftp to read config |1" in config

Hi all, I am using Match directive and internal-sftp to chroot sftp users into their directory. Connection and login works. I can change directories and put/get files. Also logging of the internal sftp-process works (created a /dev/log socket inside the chroot). As soon as I use the 'ls' command, nothing happens and the the process gets stuck. Listing files does work as soon as I remove

Hi! I want to set a OpenSSH server which restricts some users to only chrooted SFTP, while others have full/normal ssh, scp and sftp access. Most or all guides on the web say that I should enable the config line "Subsytem sftp internal-sftp" among other things, but I've found out that this only causes non-restricted users to not be able use SFTP at all, only the chrooted users.

I've configured OpenSSH_5.3p1 to only allow sftp connections (openssh chroot functionality). i.e. Subsystem sftp internal-sftp Match group sftpusers ChrootDirectory /chroot/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp So far everything works correctly with sftp but when a user ssh's or scp's to the box the login

Out of the box on Solaris 2.7 using the internal entropy system. I am able to login but as soon as I get past the password prompt it dies because it claims the RNG is not initialised. Transcript: [..] debug: got SSH2_MSG_SERVICE_ACCEPT You have entered the land of dragons and mystical creatures. This server does not exist.

On Tue, Jan 26, 2016 at 1:51 PM, Michal Privoznik <mprivozn@redhat.com> wrote: > On 26.01.2016 14:35, Andrei Perietanu wrote: > > On Tue, Jan 26, 2016 at 12:39 PM, Michal Privoznik <mprivozn@redhat.com> > > wrote: > > > >> On 26.01.2016 12:30, Andrei Perietanu wrote: > >>> Hi all, > >>> > >>> I am running KVM on a 3.18

Hello, I am investigating a data-loss bug in SSHFS (https://github.com/libfuse/sshfs/issues/72). While the root cause is in SSHFS and has already been fixed, there seems to be some unfortunate interaction with what I believe is an OpenSSH bug: As far as I can tell, when sending a SSH_FXP_OPEN request with SSH_FXF_WRITE (i.e., opening the file write only), and then following up with a

Hi all, I'm setting up a system where users will only be able to use "sftp" but not "ssh" to connect to the server (http://www.snailbook.com/faq/restricted-scp.auto.html). Here's the setup... Server: OpenSSH 2.5.2p2-1 on RH Linux Client: Commercial SSH 2.4 on Solaris The vendor on the client system creates a key pair and sends it to me. I then add the vendor's

Hi, I need to make a custom code change in sftp-server module to copy the received file outside the chroot-setup. I am trying to chroot repeatedly to get physical root directory and the copy received file to a directory outside chrooted directory. The children processes are owned by the sftp-user and so, sftp child process does not have permission to escape out of chroot. Is there a simple way

Hi, my goal: sftp/scp only access, without the need for linux users. I want to provide 10 sftp/scp directories to 10 people. Let's call this "virtual account" I don't want to create linux users for each of them. I would like to create one linux user (backup_user). In his home-directory will be 10 directories. For each "virtual account" one directory. Every

(another in an ongoing list of things i just want to clarify for the sake of future courses taught on centos.) from this RHEL doc page: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-openssh-server-config.html the reader is advised to, for the sake of security, remove/disable vsftpd, ostensibly in favour of sftp/sftp-server. really? i can obviously

http://bugzilla.mindrot.org/show_bug.cgi?id=934 ------- Additional Comments From opensshbugzilla at prikryl.cz 2005-01-10 03:38 ------- Hello, I'm author of the metioned SFTP client (WinSCP). I have been just experimenting with this issue. For me realpath does succeed on OpenSSH server on Linux (shell.sourceforge.net). With OpenSSH client (sftp) I'm able to enter the

Hello, This patch makes it possible to restrict sftp sessions to a certain subtree of the file system on a per-Unix account basis. It requires a program such as rssh or scponly to function. A patch for rssh is also attached to this email. The method employed uses realpath() and a string comparison to check that each file or directory access is allowed. With this patch, sftp-server takes a

http://bugzilla.mindrot.org/show_bug.cgi?id=1286 Summary: SFTP keeps reading input until it runs out of buffer space Product: Portable OpenSSH Version: v4.5p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2 Component: sftp

Hello, I''m using xen-unstable from 28th March, running on top of a Centos 4.3 system. All seems to work well except for one strange networking error. In my DomUs, all of my networking works except for sftp. I can wget http://www.google.com and get an HTML page back. I can ping, and I can ssh to any host I like. But if I try and sftp to any host, I get an error: socketpair:

http://bugzilla.mindrot.org/show_bug.cgi?id=934 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Component|sftp-server |sftp Version|3.6.1p2 |-current ------- Additional Comments From djm at mindrot.org 2004-12-06 17:13

Hi, I recently discovered that my ~/.bashrc file was preventing me from using SFTP successfully. I then found documentation of sftp-server and internal-sftp. However, I could not find answers to the following questions in the documentation. 1) What are the advantages of sftp-server over internal-sftp? (I believe Ubuntu and Debian both default to "Subsystem sftp

I'm searching for a simple solution to allow access to only one directory of an existing user (that may not login) via sftp-server and authorized_keys file using the extended syntax command="/usr/lib/openssh/sftp-server --root /data/exchange",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAA...keydata Is something like that already possible, is there a

Hi guys, I have a server setup with openssh-5.0p1 and use some users as sftp-only chroot accounts. The following configuration yields exactly the result I want: user is chrooted, logs to syslog, all is good. #================================================# Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE Match User fredwww ChrootDirectory %h #ForceCommand internal-sftp