similar to: ls hangs in internal-sftp for LDAP users

Le 12/05/2017 ? 12:47, Alexander Wuerstlein a ?crit : > On 2017-05-12T12:07, mh at ow2.org <mh at ow2.org> wrote: >> I'm using 7.2p2-4ubuntu2.1 >> >> I have the same exact problem as described in the first comment in >> https://bugzilla.mindrot.org/show_bug.cgi?id=1573 >> >> Initially, my ldap server hostname and IP is only in /etc/hosts, not in

Le 12/05/2017 ? 14:03, Alexander Wuerstlein a ?crit : > On 2017-05-12T13:49, mh at ow2.org <mh at ow2.org> wrote: >> Le 12/05/2017 ? 12:47, Alexander Wuerstlein a ?crit : >>> On 2017-05-12T12:07, mh at ow2.org <mh at ow2.org> wrote: >>>> I'm using 7.2p2-4ubuntu2.1 >>>> >>>> I have the same exact problem as described in the first

On 2017-05-18T13:13, mh at ow2.org <mh at ow2.org> wrote: > Le 18/05/2017 ? 12:17, mh at ow2.org a ?crit : > > However, I get uid/gid numbers instead of names within sftp session (ls > > -l) ? I don't know if it's new but I would definitively prefer names... > > It seems the reason is : > > open("/etc/passwd", O_RDONLY|O_CLOEXEC) = -1 EACCES

Hi, I want to come to a specific behavior described in https://access.redhat.com/solutions/289073 For example, taking an user who is NOT a member of a group *-foo Match Group !*-foo => this won't match Match Group *,!*-foo => this will match I would expect the first to match too, intuitively. I'm unsure if this behavior is expected, and if not, if it has a corresponding bug

Hi all, I am using Match directive and internal-sftp to chroot sftp users into their directory. Connection and login works. I can change directories and put/get files. Also logging of the internal sftp-process works (created a /dev/log socket inside the chroot). As soon as I use the 'ls' command, nothing happens and the the process gets stuck. Listing files does work as soon as I remove

https://bugzilla.mindrot.org/show_bug.cgi?id=1573 Summary: ls hangs in internal-sftp Product: Portable OpenSSH Version: 5.2p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: gdr at go2.pl

Hi, This is either a query or a feature request. I have a system where sftp users are chrooted using scponly, which while requiring much more setup than OpenSSH's internal-sftp method, has the useful feature of allowing an initial chroot to a subdirectory, typically the one used for file exchange. I've searched for a way to do the same thing with OpenSSH. So far haven't found it. If

I've configured OpenSSH_5.3p1 to only allow sftp connections (openssh chroot functionality). i.e. Subsystem sftp internal-sftp Match group sftpusers ChrootDirectory /chroot/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp So far everything works correctly with sftp but when a user ssh's or scp's to the box the login

I'd like to have sshd write entries into the systemd journal logging sftp transfers. From googling, it seems that one needs to edit /etc/ssh/sshd_config adding this line: Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE I can transfer files via filezilla (sftp) but I don't get anything in `journalctl -u sshd` that shows these transfers, just a few lines showing I connected.

I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to setup chroot jails for certain SFTP-only users. I use the following lines in my sshd_config file: Match Group sftponly ChrootDirectory /home/chroot-%u ForceCommand internal-sftp It works great. The problem is that some of my users need umask 002 for their uploads. I tried a few ways to achieve this: * set umask in sshrc,

Hope ya'all can help! Been reading and reading, and adjusting... to no avail. We need to have chroot'd SFTP activities logged on a file server and for whatever reason, I simply cannot get it to log with users that are chroot'd (this is necessary for auditing and HIPAA - so it is pretty important) I have tried with Fedora 11/12 and even an older Fedora 8 server, the same results: 1.

Nico Kadel-Garcia wrote: > in places where I do not want OpenSSH server's tendency ro let > people with access look around the rest of the filesystem. If you want users to be able to use *only* SFTP then set a ChrootDirectory and ForceCommand internal-sftp in a Match for the user in sshd_config. //Peter

Hi guys, I have a server setup with openssh-5.0p1 and use some users as sftp-only chroot accounts. The following configuration yields exactly the result I want: user is chrooted, logs to syslog, all is good. #================================================# Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE Match User fredwww ChrootDirectory %h #ForceCommand internal-sftp

On Sat, 11 Nov 2023, Bob Proulx wrote: > I am supporting a site that allows members to upload release files. I > have inherited this site which was previously existing. The goal is > to allow members to file transfer to and from their project area for > release distribution but not to allow general shell access and not to > allow access to other parts of the system. > >

Hi, I configured openssh 5.1p1 for sftp server. Here the specifications in sshd_config file: Subsystem sftp internal-sftp Match Group sftp ForceCommand internal-sftp ChrootDirectory /home/%u AllowTcpForwarding no When a user is logged in, he can't upload his document and he receives this message: carlo at Music:~$ sftp user at 213.217.147.123 Connecting to

https://bugzilla.mindrot.org/show_bug.cgi?id=177 Joshua Pettett <devel at homelinkcs.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|sshd |sftp-server AssignedTo|openssh-bugs at mindrot.org |unassigned-bugs at mindrot.org --- Comment

Hi I've been testing internal-sftp with chroot on OpenSSH_5.3p1 and it seems that internal-sftp does not support POSIX atomic rename() operations. Can someone confirm that this feature is only available in the sftp-server and not internal-sftp? Are there plans to include atomic file operations in internal-sftp? Thanks

https://bugzilla.mindrot.org/show_bug.cgi?id=1488 Summary: internal-sftp logging Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: Other OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at

I am supporting a site that allows members to upload release files. I have inherited this site which was previously existing. The goal is to allow members to file transfer to and from their project area for release distribution but not to allow general shell access and not to allow access to other parts of the system. Currently rsync and old scp has been restricted using a restricted shell

Hi, We need to limit concurrent sftp logins to one per user (because of bad client behaviour). Is there any way to achieve this I have overlooked? It seems it could be possible with pam_limits, if sftp sessions were recorded in utmp (a guess from what I found googling around). If I configure /etc/security/limits.conf with testuser hard maxlogins 1 and connect with ssh, and try a second