Re: SFTP using a single use key.
From: Per Hedeland (per_at_hedeland.org)
Date: 08/30/04
- In reply to: Richard E. Silverman: "Re: SFTP using a single use key."
Date: Mon, 30 Aug 2004 20:26:22 +0000 (UTC)
In article <m2oeksr822.fsf@darwin.oankali.net> Richard E. Silverman
<res@qoxp.net> writes:
>
>> But putting the following in the command in the key doesn't work:
>>
>> /usr/local/bin/ssh2 -l account -v -x -a -o "clearallforwardings yes" -o
>> "passwordprompt %U@%H's password:" -o "nodelay yes" -o
>> "authenticationnotify yes" destination.system.edu -s sftp
>
>This command is run on the *client*, in a subprocess by scp2, to contact
>the remote side and start sftp-server. You took it and put it as the
>command to execute on the *server*. All you want to run on the server is
>the "sftp-server" program. However, you will not be able to accomplish
>what you want: unlike scp, the file to transfer is not given on the
>command line, and there is no option you can give sftp-server to restrict
>it in this way.
However, assuming the "subsystem" invocation is subject to the command=
semantics (is it?), I guess it should work to point command= at a
wrapper that fired up sftp-server (probably checking that this is
actually the attempted command first:-), and acted as a proxy for the
SFTP protocol, inspecting the commands received and rejecting anything
"improper". A bit more work than putting a fixed string in the key file
though...
--Per Hedeland
per@hedeland.org
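The inspection step of the proxy wrapper suggested above, as an added example that is not part of the original post: it frames the client's SFTP packets and decides, per request, whether to forward it to sftp-server or answer with a permission-denied status. It assumes the SFTP version 3 packet layout; `ALLOWED_PATH`, `MAX_PACKET` and the function names are hypothetical.

```python
import struct

# SFTP version 3 packet types (assumed protocol version for this sketch)
FXP_INIT, FXP_OPEN, FXP_CLOSE, FXP_READ, FXP_FSTAT, FXP_STATUS = 1, 3, 4, 5, 8, 101
FX_PERMISSION_DENIED = 3
FXF_READ = 0x01
# Requests that act on a handle; handles only come from an OPEN this filter allowed
HANDLE_OPS = {FXP_CLOSE, FXP_READ, FXP_FSTAT}
ALLOWED_PATH = b"/srv/outgoing/report.csv"  # hypothetical: the one file this key may fetch
MAX_PACKET = 256 * 1024                     # chosen limit, not from the page

def split_packets(buf):
    """Split client bytes into (complete packet payloads, unconsumed tail)."""
    packets = []
    while len(buf) >= 4:
        (length,) = struct.unpack(">I", buf[:4])
        if length > MAX_PACKET:
            raise ValueError("oversized SFTP packet")
        if len(buf) < 4 + length:
            break  # wait for the rest of this packet
        packets.append(buf[4:4 + length])
        buf = buf[4 + length:]
    return packets, buf

def deny(req_id):
    """Build the SSH_FXP_STATUS reply sent to the client instead of forwarding."""
    msg = b"denied by policy"
    body = struct.pack(">BIII", FXP_STATUS, req_id, FX_PERMISSION_DENIED, len(msg))
    body += msg + struct.pack(">I", 0)  # empty language tag
    return struct.pack(">I", len(body)) + body

def check(payload):
    """Return None to forward the request to sftp-server, else the denial bytes."""
    if payload[:1] == bytes([FXP_INIT]):
        return None  # INIT carries a version number, not a request id
    if len(payload) < 5:
        return deny(0)
    ptype = payload[0]
    (req_id,) = struct.unpack(">I", payload[1:5])
    if ptype in HANDLE_OPS:
        return None
    if ptype == FXP_OPEN and len(payload) >= 9:
        (n,) = struct.unpack(">I", payload[5:9])
        name, flags = payload[9:9 + n], payload[9 + n:13 + n]
        # Exact path match and read-only flags; anything else falls through to deny
        if name == ALLOWED_PATH and flags == struct.pack(">I", FXF_READ):
            return None
    return deny(req_id)
```

The path comparison is an exact byte match, so a request naming the same file through a relative or unnormalised path is refused rather than resolved.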