Restrict commands available in an SFTP session
Salvador Fandino
sfandino at yahoo.com
Wed Feb 11 04:11:50 EST 2009
Jason Dickerson wrote:
> I am currently running OpenSSH 4.3. I would like to restrict the commands
> SFTP users can run to a list. For example, "put, get, mput, mget, mkdir,
> rmdir, and rm". Is this possible with OpenSSH? I have seen many posts
> concerning chroot'ing and the Forced Command option, but none of these
> solutions address restricting the commands actually available inside the SFTP
> subsystem. Any insight would be greatly appreciated.
>
> Thanks,
>
> Jason Dickerson

The sftp-server application source code is quite simple.

It will require minimal C knowledge to replace the unwanted command
handlers with versions that return SSH_FXP_STATUS messages with a
SSH_FX_FAILURE code.

Modify the source, compile it and install the new application on your
server (as /usr/lib/my-sftp-server, for instance) and change the sshd
sftp sub-system configuration to use it for all or some users.

Cheers,

- Salva
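
An added example, not part of the original message and not OpenSSH's sftp-server code: a request filter that answers denied request types with an SSH_FXP_STATUS / SSH_FX_FAILURE reply, as the reply above suggests. The function names and the denied list are assumptions (everything outside the asker's put/get/mkdir/rmdir/rm set that is not needed for transfers and listing); the numeric constants are those of the SFTP v3 draft (draft-ietf-secsh-filexfer-02).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Packet types and status code from draft-ietf-secsh-filexfer-02. */
#define SSH_FXP_SETSTAT    9
#define SSH_FXP_FSETSTAT  10
#define SSH_FXP_RENAME    18
#define SSH_FXP_READLINK  19
#define SSH_FXP_SYMLINK   20
#define SSH_FXP_STATUS   101
#define SSH_FX_FAILURE     4

static void put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Assumed policy: chmod/chown, rename and symlink operations are refused. */
static int request_denied(uint8_t type) {
    switch (type) {
    case SSH_FXP_SETSTAT: case SSH_FXP_FSETSTAT: case SSH_FXP_RENAME:
    case SSH_FXP_READLINK: case SSH_FXP_SYMLINK:
        return 1;
    default:
        return 0;
    }
}

/*
 * req is one request body (after its uint32 length): byte type, uint32 id, ...
 * Returns 0 if the request may go to the normal handler, -1 on a short
 * request or reply buffer, otherwise the size of the status reply in out.
 */
int filter_request(const uint8_t *req, size_t len, uint8_t *out, size_t cap) {
    static const char msg[] = "denied";
    const size_t mlen = sizeof(msg) - 1;
    const size_t body = 1 + 4 + 4 + 4 + mlen + 4; /* type,id,code,msg,lang */

    if (len < 5) return -1;
    if (!request_denied(req[0])) return 0;
    if (cap < 4 + body) return -1;

    put_u32(out, (uint32_t)body);        /* packet length */
    out[4] = SSH_FXP_STATUS;
    memcpy(out + 5, req + 1, 4);         /* echo the client's request id */
    put_u32(out + 9, SSH_FX_FAILURE);
    put_u32(out + 13, (uint32_t)mlen);   /* error message string */
    memcpy(out + 17, msg, mlen);
    put_u32(out + 17 + mlen, 0);         /* empty language tag */
    return (int)(4 + body);
}
```
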