- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Selective SFTP
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2010 07:12 AM
тАО06-07-2010 07:12 AM
Selective SFTP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2010 02:01 PM
тАО06-07-2010 02:01 PM
Re: Selective SFTP
I'm not sure if there are any specific build-in filters to satisfy your exact requirements, but you can do anything you like from SYLOGIN or the LOGIN.COM for the incoming network process.
Source addresses are SYS$REM* logical names. Other attributes of the process and connection are available via lexical functions and/or system services. Experiment with the processes you're interested in, identify those you want to block and LOGOUT from the LOGIN.COM if detected.
One useful trick... if you want to selectively enable or disable filtering by user, GRANT an identifier to the username and use that to decide if the filtering code should be executed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2010 02:32 PM
тАО06-07-2010 02:32 PM
Re: Selective SFTP
that on a typical UNIX system, this sort of
thing is done by setting a user's shell to
some alternate (dummy, fatal) thing (or to
the sftp server program itself), and those
techniques would seem not to apply to VMS.
If one could find an SSH-specific condition
which could be tested in SYLOGIN.COM, then
one might be able to cram some kludgy test of
the user's name and that SSH condition into
that.
The user-name part is easy enough:
f$getjpi( "", "USERNAME")
I'm unaware of any good SSH test. It seems
to be true that SYS$REM_NODE is defined but
f$getdvi( "TT", "TT_ACCPORNAM") is null. So,
if that's true for only an SSH connection,
then perhaps ...
$!
$ bad_ssh_users = "/FRED/SMS/"
$ if ((f$locate( ("/"+ f$edit( f$getjpi( "", "USERNAME"), "TRIM")+ "/"), -
bad_ssh_users) .lt. f$length( bad_ssh_users)) .and. -
(f$trnlnm( "SYS$REM_NODE") .nes. "") .and. -
(f$getdvi( "tt", "tt_accpornam") .eqs. ""))
$ then
write sys$output "SSH session?"
$ logout
$ endif
$!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2010 11:52 AM
тАО06-08-2010 11:52 AM
Re: Selective SFTP
In SSHD2_CONFIG. add the following line:
UserSpecificConfig username ssh2_dir:user_config.
In file SSH2_DIR:USER_CONFIG.
SessionRestricted subsystem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-22-2010 07:48 AM
тАО06-22-2010 07:48 AM
Re: Selective SFTP
in login.com of the sftp user. In TCP Services login.com is run when logging in using ssh, but not when logging in using sftp.