Re: SFTP &

On Tue, Jun 24, 2014 at 8:30 PM, Márk Csaba <markcs@xxxxxxxx> wrote:
> Hello List.
>
>
> I’m trying to set up a limited SSH server with SFTP.
>
> The requirements:
>
> - There are users to whom only SFTP should be available. (sftp-only group)
> - There are users to whom SFTP and shell access should be available (admin group)
> - SFTP clients have to authenticate with username and password
> - shell users have to authenticate with private key.
>
>
> I put into the sshd_config global section:
>
> PasswordAuthentication no
>
> and at the end of the sshd_config:
>
> Subsystem       sftp    internal-sftp
>
> Match Group admin
>     AllowTCPForwarding yes
>     X11Forwarding yes
>     ForceCommand bash
>
> Match Group sftp-only
>     PasswordAuthentication yes
>     AllowTCPForwarding no
>     X11Forwarding no
>     ForceCommand internal-sftp
>
>
> This config works well for SFTP users … but if a user is a member of both groups, the SFTP client fails to connect. Obviously because of the ForceCommand.
>
>
> Is there a way to achieve the requirements above?
>
> Is there a way to create rules according to connection type? I mean … is there any difference within the connection/authentication between e.g. PuTTY and FileZilla?

Put your limited sftp server on a separate port, or your SSH server on
a separate port, to start with. That way you don't wind up mixing and
matching the configurations.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
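
An added example, not part of the original thread: one way to apply the separate-port suggestion above with a single sshd, keying the rules on the listening port instead of on group membership so that a user in both groups gets a well-defined result on each port. Port 2222 and the use of one daemon with `Match LocalPort` (rather than two sshd instances) are assumptions.

```sshd_config
# Constructed example: one sshd, two listening ports.
# Port 2222 is an assumed value for the SFTP-only service.
Port 22
Port 2222

Subsystem       sftp    internal-sftp

# Global default: public-key logins only.
PasswordAuthentication no

# --- Port 2222: SFTP only, password login ---------------------------------
# The rule matches on the port, not on the group, so membership in both
# groups no longer decides which ForceCommand is applied.
Match LocalPort 2222
    AllowGroups sftp-only admin
    PasswordAuthentication yes
    AllowTcpForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

# --- Port 22: shell access, key login -------------------------------------
# PasswordAuthentication stays "no" from the global section.
# AllowGroups keeps sftp-only accounts off this port even if they
# manage to install an authorized_keys file.
Match LocalPort 22
    AllowGroups admin
    AllowTcpForwarding yes
    X11Forwarding yes
```

Check the file with `sshd -t` before reloading, and print the effective settings for one connection with `sshd -T -C user=NAME,host=HOST,addr=ADDR,lport=2222`, where NAME, HOST and ADDR are placeholders for a test account and client.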




