Limit number of simultaneous sftp-server connections from same ip
Peter Stuge
peter at stuge.se
Fri May 28 09:15:49 EST 2010
Ben Lindstrom wrote:
> >>> While limiting the use of sftp-server I want to retain _full_
> >>> access to normal (shell-like) connections over sshd without limits.
> >>>
> >> Add the wrapper to the subsystem directive in sshd_config.
>
> Not really. If they have full ssh shell access they can by-pass
> this wrapper without much of an issue.
Are you sure they can bypass it when using SFTP without changing the
SFTP client?
> This only keeps the honest people honest.
Maybe it's a workaround for a bad network situation rather than a
security measure against dishonest users.
Since there is a requirement that the user has normal login access
there are many non-SFTP ways to transfer files which will go
completely unnoticed. I assumed the original requirements had taken
that into consideration already, maybe my mistake.
//Peter
More information about the openssh-unix-dev
mailing list