Limit number of simultaneous sftp-server connections from same ip

Ben Lindstrom mouring at
Fri May 28 11:34:39 EST 2010

On May 27, 2010, at 6:15 PM, Peter Stuge wrote:

> Ben Lindstrom wrote:
>>>>> While limiting the use of sftp-server I want to retain _full_
>>>>> access to normal (shell-like) connections over sshd without limits.
>>>> Add the wrapper to the subsystem directive in sshd_config.
>> Not really. If they have full ssh shell access they can by-pass
>> this wrapper without much of an issue.
> Are you sure they can bypass it when using SFTP without changing the
> SFTP client?

sftp -s /path/to/my/sftp-server

No hacking or code change required.   Works on v2 protocol only sshd setups.

$ man sftp
     -s subsystem | sftp_server
             Specifies the SSH2 subsystem or the path for an sftp server on
             the remote host.  A path is useful for using sftp over protocol
             version 1, or when the remote sshd(8) does not have an sftp sub-
             system configured.

- Ben

More information about the openssh-unix-dev mailing list