similar to: [Bug 1979] Enhancement patch: Restrict sftp-server to basic commands, by user or group

https://bugzilla.mindrot.org/show_bug.cgi?id=1979 Bug #: 1979 Summary: Enhancement patch: Restrict sftp-server to basic commands, by user or group Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement

On 12.11.23 03:52, Damien Miller wrote: > On Sat, 11 Nov 2023, Bob Proulx wrote: > >> I am supporting a site that allows members to upload release files. I >> have inherited this site which was previously existing. The goal is >> to allow members to file transfer to and from their project area for >> release distribution but not to allow general shell access and not

On Sat, 11 Nov 2023, Bob Proulx wrote: > I am supporting a site that allows members to upload release files. I > have inherited this site which was previously existing. The goal is > to allow members to file transfer to and from their project area for > release distribution but not to allow general shell access and not to > allow access to other parts of the system. > >

https://bugzilla.mindrot.org/show_bug.cgi?id=1998 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Status|NEW |RESOLVED Resolution|---

I am supporting a site that allows members to upload release files. I have inherited this site which was previously existing. The goal is to allow members to file transfer to and from their project area for release distribution but not to allow general shell access and not to allow access to other parts of the system. Currently rsync and old scp has been restricted using a restricted shell

https://bugzilla.mindrot.org/show_bug.cgi?id=1527 Summary: ForceCommand internal-sftp needs a way to enable logging Product: Portable OpenSSH Version: 5.1p1 Platform: Itanium2 OS/Version: HP-UX Status: NEW Severity: minor Priority: P4 Component: sftp-server AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=742 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WONTFIX CC|

https://bugzilla.mindrot.org/show_bug.cgi?id=1953 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #7 from Damien Miller <djm at

Hi guys, I have a server setup with openssh-5.0p1 and use some users as sftp-only chroot accounts. The following configuration yields exactly the result I want: user is chrooted, logs to syslog, all is good. #================================================# Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE Match User fredwww ChrootDirectory %h #ForceCommand internal-sftp

https://bugzilla.mindrot.org/show_bug.cgi?id=1844 Summary: Explicit file permissions enhancement to sftp-server Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1172 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX CC|

Hello List. ? i?m trying to setup a limited SSH server with SFTP. The requirements: -????????? There are users to whom only SFTP should be available. (sftp-only group) -????????? There are users to whom SFTP and shell access should be available (admin group) -????????? SFTP clients have to authenticate with username and password -????????? shell users have to authenticate with private key.

https://bugzilla.mindrot.org/show_bug.cgi?id=1599 Summary: "ForceCommand internal-sftp" not working as expected Product: Portable OpenSSH Version: 5.2p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=943 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WONTFIX CC| |djm

I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to setup chroot jails for certain SFTP-only users. I use the following lines in my sshd_config file: Match Group sftponly ChrootDirectory /home/chroot-%u ForceCommand internal-sftp It works great. The problem is that some of my users need umask 002 for their uploads. I tried a few ways to achieve this: * set umask in sshrc,

https://bugzilla.mindrot.org/show_bug.cgi?id=1606 Summary: internal-sftp does not drop conections properly, it will hang Product: Portable OpenSSH Version: 5.2p1 Platform: Itanium OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

Thanks for these 3rd party hacks! I don't trust them. There must be such feature in openssh out of box. So the most secure/easyer method of giving sftp access to porn collection is: Damiens sftp-server chroot patch, which I hope to see in openssh one day :) http://marc.info/?l=openssh-unix-dev&m=116043792120525&w=2 # useradd -d /data/p0rn -m share /etc/ssh/sshd_config: Match user

Hello, i am using SFTP with CHROOT. I want to allow my users that they can upload and download with the sftp server, but they should never do an MKDIR! Is it possible to restrict commands and how can i do this? i only found material of modifing the source...and that is not the best way for me. regards Sonja Meyer sonne_meyer at yahoo.de

https://bugzilla.mindrot.org/show_bug.cgi?id=934 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Status|REOPENED |RESOLVED Resolution|---

Hi! I want to set a OpenSSH server which restricts some users to only chrooted SFTP, while others have full/normal ssh, scp and sftp access. Most or all guides on the web say that I should enable the config line "Subsytem sftp internal-sftp" among other things, but I've found out that this only causes non-restricted users to not be able use SFTP at all, only the chrooted users.