Displaying 20 results from an estimated 10000 matches similar to: "How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)"
2015 Nov 26
2
How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)
Hi Peter,
What I am looking for is an SSHD configuration where every successfully
authenticated connection also guaranteedly will lead to a ForcedCommand
invocation.
Currently I understand this to be the case only for the connections that
open channel to deliver a terminal, command or SFTP (I don't know if you
have a collective name for such non-forwarding channels).
Is this possible?
2015 Nov 26
2
How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)
On 2015-11-26 13:03, Darren Tucker wrote:
> On Thu, Nov 26, 2015 at 3:41 PM, Tinker <tinkr at openmailbox.org> wrote:
>> What I am looking for is an SSHD configuration where every
>> successfully
>> authenticated connection also guaranteedly will lead to a
>> ForcedCommand
>> invocation.
> [...]
>> Is this possible?
>
> I don't think
2015 Nov 26
2
How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)
On 2015-11-26 13:33, Darren Tucker wrote:
> On Thu, Nov 26, 2015 at 4:11 PM, Tinker <tinkr at openmailbox.org> wrote:
>> The goal is to get a script invoked *at login time*,
>
> This part I follow, but having a script run is just a means to an end
> not the end itself. What is the script going to do?
>
>> so that the authentication only is known to the client
2015 Nov 26
2
How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)
On 2015-11-26 14:16, Darren Tucker wrote:
> On Thu, Nov 26, 2015 at 4:49 PM, Tinker <tinkr at openmailbox.org> wrote:
>> On 2015-11-26 13:33, Darren Tucker wrote:
> [...]
>>> What is the script going to do?
>
> You didn't answer this.
Register the login to the group's login database.
>> How would you do it using bsdauth?
>>
>> (PAM
2014 Jun 25
4
SFTP &
Hello List.
?
i?m trying to setup a limited SSH server with SFTP.
The requirements:
-????????? There are users to whom only SFTP should be available. (sftp-only group)
-????????? There are users to whom SFTP and shell access should be available (admin group)
-????????? SFTP clients have to authenticate with username and password
-????????? shell users have to authenticate with private key.
2009 Oct 23
3
internal-sftp only without ssh and scp hanging
I've configured OpenSSH_5.3p1 to only allow sftp connections (openssh
chroot functionality).
i.e.
Subsystem sftp internal-sftp
Match group sftpusers
ChrootDirectory /chroot/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
So far everything works correctly with sftp but when a user ssh's or
scp's to the box the login
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> I'm just trying to figure out under what normal circumstances a
> connection with X11 forwarding enabled wouldn't be owned by a user who
> already has normal system privileges for ssh, sftp, and scp access.
Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
X11Forwarding enabled by default.
DES
--
2016 Sep 27
4
[Bug 2618] New: net-misc/openssh-7.2_p2: Terribly slow Interactive Logon
https://bugzilla.mindrot.org/show_bug.cgi?id=2618
Bug ID: 2618
Summary: net-misc/openssh-7.2_p2: Terribly slow Interactive
Logon
Product: Portable OpenSSH
Version: 7.2p2
Hardware: amd64
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
2015 Aug 02
2
Chrooted SFTP-only users along with normal SFTP
Hi!
I want to set a OpenSSH server which restricts some users to only
chrooted SFTP, while others have full/normal ssh, scp and sftp access.
Most or all guides on the web say that I should enable the config line
"Subsytem sftp internal-sftp" among other things, but I've found out
that this only causes non-restricted users to not be able use SFTP at
all, only the chrooted users.
2007 Jul 28
3
chroot'd SFTP
Thanks for these 3rd party hacks! I don't trust them.
There must be such feature in openssh out of box.
So the most secure/easyer method of giving sftp access to porn collection is:
Damiens sftp-server chroot patch, which I hope to see in openssh one day :)
http://marc.info/?l=openssh-unix-dev&m=116043792120525&w=2
# useradd -d /data/p0rn -m share
/etc/ssh/sshd_config:
Match user
2008 Nov 11
2
Fwd: Permissions in chroot SFTP
Hi,
I configured openssh 5.1p1 for sftp server.
Here the specifications in sshd_config file:
Subsystem sftp internal-sftp
Match Group sftp
ForceCommand internal-sftp
ChrootDirectory /home/%u
AllowTcpForwarding no
When a user is logged in, he can't upload his document and he receives
this message:
carlo at Music:~$ sftp user at 213.217.147.123
Connecting to
2023 Nov 12
3
restrict file transfer in rsync, scp, sftp?
I am supporting a site that allows members to upload release files. I
have inherited this site which was previously existing. The goal is
to allow members to file transfer to and from their project area for
release distribution but not to allow general shell access and not to
allow access to other parts of the system.
Currently rsync and old scp has been restricted using a restricted
shell
2008 Nov 11
3
Directory permissions in chroot SFTP
Hi,
I configured openssh 5.1p1 for sftp server.
Here the specifications in sshd_config file:
Subsystem sftp internal-sftp
Match Group sftp
ForceCommand internal-sftp
ChrootDirectory /home/%u
AllowTcpForwarding no
When a user is logged in, he can't upload his document and he receives
this message:
carlo at Music:~$ sftp user at 213.217.147.123
Connecting to
2016 May 09
3
Cannot get sftp transfers to log in the systemd journal
I'd like to have sshd write entries into the systemd journal logging sftp transfers. From googling, it seems that one needs to edit /etc/ssh/sshd_config adding this line:
Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE
I can transfer files via filezilla (sftp) but I don't get anything in `journalctl -u sshd` that shows these transfers, just a few lines showing I connected.
2016 Aug 03
2
Configure option '--with-ssh1' breaks openssh-7.3p1
On 08/03/16 02:12, Darren Tucker wrote:
> On Wed, Aug 3, 2016 at 7:42 AM, rl <rainer.laatsch at t-online.de> wrote:
> [...]
>> /Data/openssh-7.3p1/DESTDIR/usr/local/sbin/sshd -p 222 -f \n
>> DESTDIR/usr/local/etc/sshd_config
>
> It looks like you have an embedded newline in the config file name
> you're passing to sshd. If that's the case I'm
2023 Nov 12
2
restrict file transfer in rsync, scp, sftp?
On Sat, 11 Nov 2023, Bob Proulx wrote:
> I am supporting a site that allows members to upload release files. I
> have inherited this site which was previously existing. The goal is
> to allow members to file transfer to and from their project area for
> release distribution but not to allow general shell access and not to
> allow access to other parts of the system.
>
>
2020 Sep 26
2
Debian client/workstation pam_mount
Maybe I am not testing the signin correctly. Here is what I am doing. I
sign into the client/workstation (hereafter referred to as C/W) via ssh as
the local "admin" from another C/W so I can open many terminals to tail log
files. Then "sudo -i" into "root". All testing is run as "root". When I
sign into "root", I see this:
> admin at lws4:~$
2012 Sep 30
2
User can't use SFTP after chroot
Hi,
I've posted this question on ServerFault, but no answer has been found
(http://serverfault.com/questions/431329/user-cant-sftp-after-chroot).
I have version 1:5.3p1-3ubuntu7
To sum up: I want to chroot the user sam. Things I have done:
- add user 'sam' to group 'users'
- added Subsystem sftp internal-sftp to /etc/ssh/sshd_config (at the bottom)
- added a Match :
--
Match
2023 Nov 12
1
Match Principal enhancement
Hi OpenSSH devs,
I?m wondering if the following has any merit and can be done securely ...
If you could match on principals in the sshd_config, then (for example) on a gateway machine, you could have something like
/etc/ssh/authorized_keys/sshfwd:
cert-authority,principals=?batcha-fwd,batchb-fwd? ...
/etc/ssh/sshd_config containing:
Match User sshfwd
PubkeyAuthentication yes
2019 Dec 29
2
securing a hop
for the A nat B C connect back to A using -R 2222:localhost:22 pattern,
(see diagram at https://github.com/daradib/sidedoor)
I want to limit B's user to just what is needed to do the port forward.
I am hoping this is documented, but I can't find much more than "you should
future out how to secre it."
I setup an ansible playbook to instal and configure sidedoor on A. I have