Displaying 20 results from an estimated 10000 matches similar to: "restrict file transfer in rsync, scp, sftp?"
2023 Nov 12
2
restrict file transfer in rsync, scp, sftp?
On Sat, 11 Nov 2023, Bob Proulx wrote:
> I am supporting a site that allows members to upload release files. I
> have inherited this site which was previously existing. The goal is
> to allow members to file transfer to and from their project area for
> release distribution but not to allow general shell access and not to
> allow access to other parts of the system.
>
>
2009 Oct 23
3
internal-sftp only without ssh and scp hanging
I've configured OpenSSH_5.3p1 to only allow sftp connections (openssh
chroot functionality).
i.e.
Subsystem sftp internal-sftp
Match group sftpusers
ChrootDirectory /chroot/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
So far everything works correctly with sftp but when a user ssh's or
scp's to the box the login
2017 Sep 01
3
sftp/scp only without real users
Hi,
my goal: sftp/scp only access, without the need for linux users.
I want to provide 10 sftp/scp directories to 10 people. Let's call this
"virtual account"
I don't want to create linux users for each of them.
I would like to create one linux user (backup_user). In his
home-directory will be 10 directories. For each "virtual account" one
directory.
Every
2017 Feb 10
4
Disabling specific commands in sftp
Hi,
On CentOS 7 I'm trying to set up a chrooted SFTP server on which specific users can only read and write on specific folder. And I'd like to disable some commands, so the users can only do 'cd', 'ls', 'get' and 'put' (and disabling 'chgrp', 'chmod', 'chown', 'df' etc…). Is there a way to achieve it, natively or with using a third-party software?
Alexandre MALDEME
Analyste d'exploitation
2023 Nov 12
1
restrict file transfer in rsync, scp, sftp?
On 12.11.23 03:52, Damien Miller wrote:
> On Sat, 11 Nov 2023, Bob Proulx wrote:
>
>> I am supporting a site that allows members to upload release files. I
>> have inherited this site which was previously existing. The goal is
>> to allow members to file transfer to and from their project area for
>> release distribution but not to allow general shell access and not
2014 May 19
3
using OpenSSH/SFTP to replace an FTP server securely
Hello Folks,
I'm trying to replace an FTP with several hundred users with something secure.
My requirements:
- transfers must be logged
- users should not have any access to other users' directories
- users should land in a writable directory
- users should be chrooted
I've been trying to get this working with OpenSSH and the internal SFTP server,
but it does not
2012 Nov 12
5
[Bug 2048] New: Make chrooted sftp more user friendly using bind mount (solution suggested)
https://bugzilla.mindrot.org/show_bug.cgi?id=2048
Priority: P5
Bug ID: 2048
Assignee: unassigned-bugs at mindrot.org
Summary: Make chrooted sftp more user friendly using bind mount
(solution suggested)
Severity: enhancement
Classification: Unclassified
OS: Linux
Reporter: harviecz at gmail.com
2015 Aug 02
2
Chrooted SFTP-only users along with normal SFTP
Hi!
I want to set up an OpenSSH server which restricts some users to only
chrooted SFTP, while others have full/normal ssh, scp and sftp access.
Most or all guides on the web say that I should enable the config line
"Subsystem sftp internal-sftp" among other things, but I've found out
that this only causes non-restricted users to not be able to use SFTP at
all, only the chrooted users.
2007 Sep 05
3
Chrooting SFTP over SSH2
Hi,
As per the subject line - if I look up setting up chroot jails for SFTP over
SSH2 I'm led to various Web sites and patches and also to a CentOS wiki page
dated 2005, but what's the 'best' or 'correct' way to set this up for CentOS
4.5 and 5?
Thanks
2008 Nov 11
3
Directory permissions in chroot SFTP
Hi,
I configured openssh 5.1p1 for sftp server.
Here the specifications in sshd_config file:
Subsystem sftp internal-sftp
Match Group sftp
ForceCommand internal-sftp
ChrootDirectory /home/%u
AllowTcpForwarding no
When a user is logged in, he can't upload his document and he receives
this message:
carlo at Music:~$ sftp user at 213.217.147.123
Connecting to
2008 Jun 20
1
ForceCommand internal-sftp causes sftp logging to fail (openssh-5.0p1)
Hi guys,
I have a server setup with openssh-5.0p1 and use some users as
sftp-only chroot accounts.
The following configuration yields exactly the result I want:
user is chrooted, logs to syslog, all is good.
#================================================#
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE
Match User fredwww
ChrootDirectory %h
#ForceCommand internal-sftp
2020 Apr 09
4
Parallel transfers with sftp (call for testing / advice)
> On 9 Apr 2020 at 00:34, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>
> On Wed, Apr 8, 2020 at 11:31 AM Cyril Servant <cyril.servant at gmail.com> wrote:
>>
>> Hello, I'd like to share with you an evolution I made on sftp.
>
> It *sounds* like you should be using parallelized rsync over xargs.
> Partial sftp or scp transfers are almost
2009 Jan 09
1
setting umask for internal-sftp users
I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to setup chroot jails for certain
SFTP-only users. I use the following lines in my sshd_config file:
Match Group sftponly
ChrootDirectory /home/chroot-%u
ForceCommand internal-sftp
It works great.
The problem is that some of my users need umask 002 for their uploads. I tried a few ways to
achieve this:
* set umask in sshrc,
2019 Dec 29
2
securing a hop
for the A nat B C connect back to A using -R 2222:localhost:22 pattern,
(see diagram at https://github.com/daradib/sidedoor)
I want to limit B's user to just what is needed to do the port forward.
I am hoping this is documented, but I can't find much more than "you should
figure out how to secure it."
I setup an ansible playbook to install and configure sidedoor on A. I have
2008 Nov 11
2
Fwd: Permissions in chroot SFTP
Hi,
I configured openssh 5.1p1 for sftp server.
Here the specifications in sshd_config file:
Subsystem sftp internal-sftp
Match Group sftp
ForceCommand internal-sftp
ChrootDirectory /home/%u
AllowTcpForwarding no
When a user is logged in, he can't upload his document and he receives
this message:
carlo at Music:~$ sftp user at 213.217.147.123
Connecting to
2020 Apr 11
2
internal-sftp + chroot [was: Parallel transfers]
Nico Kadel-Garcia wrote:
> in places where I do not want OpenSSH server's tendency to let
> people with access look around the rest of the filesystem.
If you want users to be able to use *only* SFTP then set a ChrootDirectory
and ForceCommand internal-sftp in a Match for the user in sshd_config.
//Peter
2012 Feb 07
3
Suggestion for openssh
Hi!
I do not know if it's the ideal place, but I'm sending some suggestion.
Always use openssh and its enormous features.
- I needed to create an environment with only sftp access and thus used:
- Match User suporte
ForceCommand /usr/lib/openssh/sftp-server
OK! It worked perfectly! But only sftp.
- Create an environment with only blocking the ssh, but scp and
2023 Mar 30
3
sftp and utmp
Hi,
We need to limit concurrent sftp logins to one per user (because of bad
client behaviour). Is there any way to achieve this I have overlooked?
It seems it could be possible with pam_limits, if sftp sessions were
recorded in utmp (a guess from what I found googling around). If I
configure /etc/security/limits.conf with
testuser hard maxlogins 1
and connect with ssh, and try a second
2014 Jun 25
4
SFTP &
Hello List.
I'm trying to setup a limited SSH server with SFTP.
The requirements:
- There are users to whom only SFTP should be available. (sftp-only group)
- There are users to whom SFTP and shell access should be available (admin group)
- SFTP clients have to authenticate with username and password
- shell users have to authenticate with private key.
2016 May 09
3
Cannot get sftp transfers to log in the systemd journal
I'd like to have sshd write entries into the systemd journal logging sftp transfers. From googling, it seems that one needs to edit /etc/ssh/sshd_config adding this line:
Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE
I can transfer files via filezilla (sftp) but I don't get anything in `journalctl -u sshd` that shows these transfers, just a few lines showing I connected.