Adding filename verification to sftp-server
John-Mark Gurney
jmg at funkthat.com
Tue Oct 20 06:03:51 AEDT 2020
Hello,
In one of the projects, I'd like to restirct what files sftp-server
can deliver. The -p, whitelisting requests helps contain the client,
but does not limit what files they have access too.
If a user has root on their box, they can of course use chroot, but not
every person has root, nor the desire to setup a particular user or
dedicated ssh server for this.
My thought (and implemented) was to add a simple option to sftp-server
to add a list of files that open is permitted to open.
The code is available at:
https://www.funkthat.com/gitea/jmg/openssh-portable.git
on the branch sftp-firewall.
I wasn't sure what the best way to submit a patch was, so let me know
if there is a better way.
Thanks.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the openssh-unix-dev
mailing list