HPE Community
Operating System - Linux
1820539 Members
3680 Online
109626 Solutions
New Discussion юеВ

Re: restrict sftp commands

 
SOLVED
Go to solution
MikeL_4
Super Advisor

тАО01-13-2010 12:04 PM

тАО01-13-2010 12:04 PM

restrict sftp commands

I am currently running openssh-4.3p2-36.el5_4.2, on Red Hat 5.3 server.

Is there a way to restrict the commands that are available to SFTP users.. For example, "put, get, mput, mget, mkdir,
rmdir, and rm".

I have seen many posts concerning chroot which I have set up, but none of these addresses restricting the commands actually available inside of SFTP subsystem.

Any insight would be greatly appreciated.
0 Kudos
4 REPLIES 4
Ivan Ferreira
Honored Contributor

тАО01-13-2010 01:04 PM

тАО01-13-2010 01:04 PM

Solution

Re: restrict sftp commands

I think is not possible with sftp. Maybe you can use vsftpd with SSL enabled and configure the cmds_allowed option. You only need a SSL enabled ftp client and you connection will be encripted.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Steven Schweda
Honored Contributor

тАО01-13-2010 03:14 PM

тАО01-13-2010 03:14 PM

Re: restrict sftp commands

> Is there a way to restrict the commands
> [...]

I know of none, but that proves little.

What, exactly, are you trying to stop from
happening? (And why would disabling
particular commands be the best or only way
to do that?)
0 Kudos
J. Maestre
Honored Contributor

тАО01-14-2010 03:38 AM

тАО01-14-2010 03:38 AM

Re: restrict sftp commands

That functionality is not implemented in sftp. There are some utils that restrict what users can do on ssh/sftp (like authprogs and scponly) but I'm not sure they will actually do what you want.

Your best bet would be playing with ACLs.
0 Kudos
MikeL_4
Super Advisor

тАО01-14-2010 09:42 AM

тАО01-14-2010 09:42 AM

Re: restrict sftp commands

Thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.