Friday, December 01, 2017

Re: sftp-server

On Fri, Dec 01, 2017 at 02:59:38AM -0500, Jiri B wrote:
> On Thu, Nov 30, 2017 at 05:36:57PM -0600, Edgar Pettijohn wrote:
> > I was looking into how best to secure a sftp-server. The manual
> > mentions a -Q option to query protocol features supported. I added the
> > following line to sshd_config.
> >
> > Subsystem sftp /usr/libexec/sftp-server sftp -Q requests
> >
> > So far I'm not sure how to get at the information provided by this
> > command line option. Or am I doing it wrong?

For future reference:

$ /usr/libexec/sftp-server -Q requests

gives the following output:

open
close
read
write
lstat
fstat
setstat
fsetstat
opendir
readdir
remove
mkdir
rmdir
realpath
stat
rename
readlink
symlink
posix-rename
statvfs
fstatvfs
hardlink
fsync

> >
> > Any insight is greatly appreciated.
> >
> > Edgar
>
> IMO you got confused, it is "query", it does not set anything.
I didn't suggest it did set anything. The other command line options
require they be set in sshd_config, so that's what I tried. Didn't click
to try on the command line. :(
>
> Output of "-Q requests" as "requests"/actions which sftp client
> can do on remote server.
>
> An example: you want to mimic anon ftp upload server, then you
> would - IIRC - open, write, lstat,... but not readdir, remote,
> symlink etc...

My end goal is similar. I want users to log in trapped in their $HOME
but be able to make directories, remove directories, upload, download,
possibly symlink. I'll just play around with it till I feel comfortable.
>
> j.
>
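
Added example, not part of the original thread or of OpenSSH: a shell helper that checks a chosen set of request names against the `-Q requests` list above and prints an sshd_config fragment for the chrooted setup described in the last reply. It uses sftp-server's `-p` allowed-requests option; the group name `sftponly` and the selected request set are assumptions to test against the clients in use.

```shell
#!/bin/sh
# Request names as printed by `sftp-server -Q requests` in the post above.
# On a live system: SUPPORTED=$(/usr/libexec/sftp-server -Q requests)
SUPPORTED="open close read write lstat fstat setstat fsetstat opendir readdir
remove mkdir rmdir realpath stat rename readlink symlink posix-rename statvfs
fstatvfs hardlink fsync"
SUPPORTED=$(echo $SUPPORTED)   # collapse newlines to single spaces

# Assumed starting set for "mkdir, rmdir, upload, download, possibly symlink".
ALLOWED="open close read write lstat fstat stat opendir readdir realpath
mkdir rmdir remove symlink readlink"

# build_allowlist NAME...: print a comma-separated list for `-p`.
# Fails on any name the server does not list (for example a typo).
build_allowlist() {
    list=""
    for req in "$@"; do
        case " $SUPPORTED " in
            *" $req "*) list="${list:+$list,}$req" ;;
            *) echo "unknown request: $req" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$list"
}

# denied_by NAME...: print the supported requests the allow-list leaves out,
# so the refused operations can be reviewed before deploying.
denied_by() {
    out=""
    for req in $SUPPORTED; do
        case " $* " in
            *" $req "*) ;;
            *) out="${out:+$out }$req" ;;
        esac
    done
    printf '%s\n' "$out"
}

# emit_config: print the sshd_config fragment. sshd requires the chroot path
# to be root-owned and not writable by others, so uploads need a user-owned
# subdirectory inside %h.
emit_config() {
    allow=$(build_allowlist $ALLOWED) || return 1
    cat <<EOF
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp -p $allow
EOF
}
emit_config
```

Run `sshd -t` on the resulting configuration before reloading the daemon.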
