Limit number of simultaneous sftp-server connections from same ip
Ben Lindstrom
mouring at eviladmin.org
Fri May 28 11:34:39 EST 2010
On May 27, 2010, at 6:15 PM, Peter Stuge wrote:
> Ben Lindstrom wrote:
>>>>> While limiting the use of sftp-server I want to retain _full_
>>>>> access to normal (shell-like) connections over sshd without limits.
>>>>>
>>>> Add the wrapper to the subsystem directive in sshd_config.
>>
>> Not really. If they have full ssh shell access they can by-pass
>> this wrapper without much of an issue.
>
> Are you sure they can bypass it when using SFTP without changing the
> SFTP client?
sftp -s /path/to/my/sftp-server site.com
No hacking or code change required. Works on v2 protocol only sshd setups.
$ man sftp
[..]
-s subsystem | sftp_server
Specifies the SSH2 subsystem or the path for an sftp server on
the remote host. A path is useful for using sftp over protocol
version 1, or when the remote sshd(8) does not have an sftp sub-
system configured.
[..]
- Ben
More information about the openssh-unix-dev
mailing list