Blacklisting/whitelisting sftp-server commands


I'm running OpenSSH_7.4p1 (CentOS7) and have been asked to build a sort of
"drop box" to allow clients read-only access from a certain directory.

Right now, I've implemented this with the following lines in
/etc/ssh/sshd_config:

Subsystem sftp internal-sftp
Match User update_user
ChrootDirectory /opt/dropbox
ForceCommand internal-sftp -d / -R

This is mostly working; it's allowing read-only access and restricting the
connecting user to the /opt/dropbox directory. I am concerned about the
following note in the man page: 'For file transfer sessions using "sftp",
no additional configuration of the environment is necessary if the
in-process sftp server is used, *though sessions which use logging do
require /dev/log inside the chroot directory*'

As I haven't created a /dev/log socket in the directory, I am concerned
that there is logging information I will wish I had.

Looking at the -p and -P options, I wonder if there isn't a more
fine-grained approach possible, to perhaps whitelist only the commands
necessary for two operations: to list the contents of the current directory
and retrieve the files. My attempts so far to restrict opendir, lstat,
read, readdir, realpath, etc. haven't been successful. For example,
restricting "opendir" gives an error that the client can't get the CWD and
the session fails.

Any pointers?

-Cheers,

 Travis
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
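
An added example, not part of the original post and not OpenSSH code: a shell check of an internal-sftp ForceCommand line for the two concerns raised above, logging inside the chroot and a -p whitelist that stays read-only. The helper name audit_forcecommand, the WRITE_REQUESTS grouping and the sample -p list are assumptions of this example; the list has not been verified as sufficient for any particular client.

```shell
#!/bin/sh
# Request types that change the filesystem, named as `sftp-server -Q requests`
# prints them. This grouping is an assumption of the example; re-check it
# against the installed OpenSSH version.
WRITE_REQUESTS="write setstat fsetstat remove mkdir rmdir rename posix-rename symlink hardlink fsync"

# audit_forcecommand "<ForceCommand line>" [chroot-dir]   (hypothetical helper)
# Prints one finding per line; exit status 0 means no findings.
# The body runs in a subshell so set -f and IFS changes stay local.
audit_forcecommand() (
    chroot_dir=${2-}
    has_R=no has_l=no allowed="" findings=0
    set -f                       # no globbing while splitting the line
    set -- $1
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case $opt in
            -R) has_R=yes ;;
            -l) has_l=yes; if [ $# -gt 0 ]; then shift; fi ;;
            -p) if [ $# -gt 0 ]; then allowed=$1; shift; fi ;;
            -d|-f|-P|-u) if [ $# -gt 0 ]; then shift; fi ;;
        esac
    done
    if [ "$has_R" = no ]; then
        echo "no -R: write requests are not refused"; findings=1
    fi
    if [ "$has_l" = no ]; then
        # sftp-server logs at ERROR unless -l is given; transfers appear at INFO.
        echo "no -l: default log level ERROR does not record transfers"; findings=1
    fi
    if [ -n "$chroot_dir" ] && [ ! -S "$chroot_dir/dev/log" ]; then
        echo "no syslog socket at $chroot_dir/dev/log"; findings=1
    fi
    IFS=,
    for req in $allowed; do
        case " $WRITE_REQUESTS " in
            *" $req "*) echo "-p allows write-class request: $req"; findings=1 ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

# Constructed input: the post's line plus a hypothetical -p list.
audit_forcecommand "ForceCommand internal-sftp -d / -R -p realpath,opendir,readdir,stat,open,read,close,mkdir" || true
```

Passing the chroot path as the second argument (for the post's setup, /opt/dropbox) also reports whether a syslog socket exists at dev/log beneath it.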


