SFTP &


 



Hello List.

 
I’m trying to set up a limited SSH server with SFTP.

The requirements:

- There are users to whom only SFTP should be available. (sftp-only group)

- There are users to whom SFTP and shell access should be available (admin group)

- SFTP clients have to authenticate with username and password

- shell users have to authenticate with private key.

 
I put into the sshd_config global section:

PasswordAuthentication no

 
and the end of the sshd_config:

Subsystem       sftp    internal-sftp

 
Match Group admin

    AllowTCPForwarding yes

    X11Forwarding yes

    ForceCommand bash

 
Match Group sftp-only

    PasswordAuthentication yes

    AllowTCPForwarding no

    X11Forwarding no

    ForceCommand internal-sftp

 
This config works well for SFTP users … but if a user is a member of both groups, the SFTP client fails to connect. Obviously because of the ForceCommand.

 
Is there a way to achieve the requirements above?

Is there a way to create rules according to connection type? I mean … is there any difference within the connection/authentication between e.g. PuTTY and FileZilla?

 
Thank you,

Csaba

 


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
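
The behaviour described in the post, as an added example that is not part of the original message or of OpenSSH: a small Python model of how sshd applies the posted Match blocks, using the rule from sshd_config(5) that Match keywords override the global section and that the first obtained value for each keyword is used. It models only `Match Group` with exact group names, and the function names are hypothetical.

```python
# Added example: model of keyword resolution across Match blocks.
# Assumption: only "Match Group <name[,name]>" with exact names is modelled.

CONFIG = """\
PasswordAuthentication no
Subsystem sftp internal-sftp
Match Group admin
    AllowTCPForwarding yes
    X11Forwarding yes
    ForceCommand bash
Match Group sftp-only
    PasswordAuthentication yes
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp
"""

def effective_settings(config, user_groups):
    """Return the keyword -> value map applied to a user in user_groups."""
    global_opts, match_opts = {}, {}
    target = global_opts              # lines before the first Match are global
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()    # sshd_config keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            criterion, _, pattern = value.partition(" ")
            wanted = {g.strip() for g in pattern.split(",")}
            hit = criterion.lower() == "group" and bool(wanted & set(user_groups))
            target = match_opts if hit else None   # None: block does not apply
        elif target is not None:
            target.setdefault(keyword, value)      # first obtained value wins
    return {**global_opts, **match_opts}           # Match values override global

def violations(settings):
    """Flag results that break the requirements listed in the post."""
    found = []
    shell = settings.get("forcecommand") != "internal-sftp"
    if shell and settings.get("passwordauthentication") == "yes":
        found.append("shell reachable with password authentication")
    return found

if __name__ == "__main__":
    for groups in (["sftp-only"], ["admin"], ["admin", "sftp-only"]):
        s = effective_settings(CONFIG, groups)
        print(groups, s, violations(s))
```

On a real host, `sshd -T -C user=<name>,host=<host>,addr=<addr>` prints the effective settings sshd itself computes for a connection.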
