Limit number of simultaneous sftp-server connections from same ip

Peter Stuge peter at
Fri May 28 09:15:49 EST 2010

Ben Lindstrom wrote:
> >>> While limiting the use of sftp-server I want to retain _full_
> >>> access to normal (shell-like) connections over sshd without limits.
> >>> 
> >> Add the wrapper to the subsystem directive in sshd_config.
> Not really. If they have full ssh shell access they can by-pass
> this wrapper without much of an issue.

Are you sure they can bypass it when using SFTP without changing the
SFTP client?

> This only keeps the honest people honest.

Maybe it's a workaround for a bad network situation rather than a
security measure against dishonest users.

Since there is a requirement that the user has normal login access
there are many non-SFTP ways to transfer files which will go
completely unnoticed. I assumed the original requirements had taken
that into consideration already, maybe my mistake.


More information about the openssh-unix-dev mailing list