similar to: SSH using Keys, no password and SFTP?

Hi All, On one of my servers I have a personal account and root. I disable root for ssh logins and run ssh on an alternative port. When 'scp'ing files I usually scp them up, then ssh in 'su' root and move them to /var/www/html. I can sftp I realize, but what group can I add my personal account to, but not root, so I can sftp in and put the files in /var/www/html? Secondarily

Hi, I have a problem with file transfers between a windows systems and unix systems. I have one win32 desktop (intel e6400 2Gb Ram), one win32 laptop (p-m 2Ghz). Also one linux laptop (p-m 1.4GHz) and one opensolaris desktop (intel e4400 1GB Ram). The two laptops have built-in 100Mbit ethernet and desktops have 1Gbit ethernet on the motherboard. Both desktops use a Marvell Yukon. The file

https://bugzilla.mindrot.org/show_bug.cgi?id=1687 Summary: scp/sftp is not working when using key based (authorized_keys2) authentication Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp

Hello List, dont have experience with selinux, but i want to know if it would be a practicable way to secure sshd with selinux. i have some webservers and want to grant ssh-access to some users. my plan ist to make new server where users are able to log in. the homes from webserver are mounted in by nfs etc. i dont like chroot-env for ssh, a lot of disadvantages... also i dont like if users

Damien, Reading the various articles about https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt have caused me to question the wisdom of using scp. Your observation: > Date: Tue, 22 Jan 2019 13:48:34 +1100 (AEDT) > From: Damien Miller <djm at mindrot.org> > Subject: Re: Status of SCP vulnerability > > "Don't use scp with untrusted

On 2020/08/05 16:17, raf wrote: > The problem is when, for example, you only have > scp/sftp access to a remote server, such as your bank, > and you use WinSCP to transfer transaction files to > them to be actioned (people do this where I work), and > the bank hasn't properly protected themselves from this > "vulnerability". I really hope all banks do take this >

I almost never use bare 'scp' or 'sftp' anymore; I start with either 'rsync' or, if 'rsync' is not present and not installable on one end or the other, the "tar-over-bare-ssh" approach: ``` tar cf - localpath | ssh remote.host 'cd remotepath && tar xvf -' ``` I'd be in favor of one of the following: 1. 'scp' goes away, and

On Jan 24 03:47, Malcolm wrote: > Quoting Chris High <highc at us.ibm.com>: > > > caught my eye. Do you see any 'advantage' to using sftp with an untrusted > > server? If so, any thoughts about making an easy way to disable scp both > > client and server side when doing an installation? > > SFTP allows file resume, while scp does not. If this

On Mon, 4 Nov 2019 at 14:07, David Newall <openssh at davidnewall.com> wrote: > [about scp] That's just awful, and I should have > thought it was not at all necessary. Am I missing something? > If you're saying that the scp protocol is an unfixable mess then the openssh team has been agreeing[0] with you for at least a decade and a half. We fix what we can, but some

Dear all, i've appended the below to /etc/bashrc it works like a charm with ssh connections though SFTP sessions fail since the below is being sent to the intiator. any way of limiting the below to none sftp sessions? or any other idea for it to work? # If id command returns zero, you?ve root access. if [ $(id -u) -eq 0 ]; then # you are root, set red colour prompt echo

Hi, I was thinking about the difficulties and complexities of using chroot in scp or sftp-server, in order to limit the user in which files they can access. I've seen a lot of arguments about how it is pointless to try and secure scp or sftp (also from a logging perspective) because if we allow SSH access, the user can simply provide their own scp or sftp binary, that does not do the

Hi ya'll- I'm having this weird problem with the new version of OpenSSH compiled on Solaris, version 4.3p2. SSH and SSHD work fine, all is well. But when I try to sftp or scp something I get this: % sftp bullitt Connecting to bullitt... command-line: line 0: Bad configuration option: PermitLocalCommand Connection closed % "PermitLocalCommand" doesn't appear in

On Thu, 2019-01-24 at 12:27 -0600, Ben Lindstrom wrote: > I know it isn't a "UI replacement" but it at least provides a more > complete UI for phasing people off of scp. I don't think this is an ideal solution... OpenSSH should be "overall" secure (that's what it's meant for), and especially not be a collection of tools/algos/etc. of which some(!) are

It looks like everyone has tried to fix the cookies lately, and no-one managed to get it 100% correctly. The current implementation doesn''t set the path correctly, and you can''t use @cookies in a #service-overload. Qwzybug''s patch fixed only the sessions. Jenna''s patch won''t allow to set complex cookies (@cookies.key = {:path => "/path",

On Tue, 2020-06-23 at 08:06 +0200, Markus Friedl wrote: > I had something in mind like this for years, but with slightly > different steps: > My naive approach would be to keep the scp user interface and switch > to the sftp protocol internally. We could add a -M [scp|sftp] option > to scp and select the internal protocol. Later we switch the default > from scp to sftp. > No

Hi, my goal: sftp/scp only access, without the need for linux users. I want to provide 10 sftp/scp directories to 10 people. Let's call this "virtual account" I don't want to create linux users for each of them. I would like to create one linux user (backup_user). In his home-directory will be 10 directories. For each "virtual account" one directory. Every

On Fri, 8 Dec 2023 at 07:39, Philip Prindeville <philipp_subx at redfish-solutions.com> wrote: [...] > Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break. > Is there a workaround to allow scp/sftp to continue to work even for non-shell accounts? sftp should work regardless of the user's shell since it is invoked as a ssh subsystem

Hello all, I believe we all can agree that scp is ugly protocol carried for ages only for its simplicity of its usage and really no dependencies as it is installed together with every ssh client. But as we have seen recently, its simplicity and flexibility comes with security issues [1], it does not have great performance and there is really no development in there. Over the years, we still keep

Hello all, I've taken a brief skim of the archives available on theaimsgroup and talked to some others regarding the ideas on chroot SSH/SFTP/SCP functionality. I've also investigated a few of the various patches out for chroot sftp|scp|ssh and am a bit of a loss at finding 'an elegant solution' to the problem. Bearing in mind the excellent starting ground of John Furman's

Hi, We have a CLI that certain users get dropped into when they log in. One of the things they can go is generate certificates (actually .p12 key/certificate bundles) that they will then scp out of the box from another host. Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break. Is there a workaround to allow scp/sftp to continue to work even for