Re: Allow password auth for one user with sftp?



Adrian von Bidder wrote:
(Context: I'm not subscribed to secureshell, so my original posting was discarded after the moderators didn't approve it for more than x days.)

On Monday 22 January 2007 07:09, you wrote:

PasswordAuthentication no
Match User sftpuser
PasswordAuthentication yes

If you're interested I can supply a copy of the patch that adds auth
support (against 4.5p1).

That's exactly what I'm looking for. A copy of the patch would be appreciated, I'll have to think about using it on my server -- I don' feel very comfortable using a hand-compiled sshd instead of a Debian-packaged one...

(Apologies for the delay, but I hadn't actually ported the patch to 4.5 when I wrote that and it took longer than expected to get around to it.)

I have attached it to the bugzilla bug:
http://bugzilla.mindrot.org/show_bug.cgi?id=1180

You want the last attachment (#1240) which is against 4.5p1.

Have people already looked at the patch? Is it realistic that it will eventually end up in openssh? If not, I guess I'd better just run a second sshd on port 2222, but obviously I don't really like this.

It was just committed so it will be in the next major release of OpenSSH (4.6).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



Relevant Pages

  • Re: Tacacs and OpenSSH
    ... attempting to integrate a Tacacs+ PAM with OpenSSH. ... There's a patch that may help at ... Good judgement comes with experience. ...
    (SSH)
  • Re: AIX patch works for Openssh but not Putty
    ... >After applying that patch, I was logged in (using Putty and OpenSSH) ... Good judgement comes with experience. ...
    (comp.security.ssh)
  • openssh3.5p1: new functionality added, modifications done
    ... This is NOT an official or unofficial openssh announcement, patch, release ... secure ftp services for our web content developers. ... there is no server-side control over umask and file permissions. ... I'm running openssh with my patch on my servers, and am quite happy with it. ...
    (SSH)
  • SUMMARY: Trouble last after SSH + LDAP
    ... As it turned out this is an issue with OpenSSH 4.3p1. ... Did a make distclean, applied the patch, and rebuilt with no problems. ... authentication against an OpenLDAP server. ... PAM LDAP module 1.80 ...
    (SunManagers)
  • [UNIX] OpenSSH IP Restriction Bypass (adv.option, Patch Available)
    ... OpenSSH IP Restriction Bypass ... Apply the following patch. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)