Hi, How can I enable the sftp subsystem _only_to_the local network? When I enable the Subsystem parameter in the sshd_config then sftp is available to the outside, since ssh is available for internet also. So is there a way to permit sftp access only from the local side? TIA -- Togan Muftuoglu
Hi,
How can I enable the sftp subsystem _only_to_the local network? When I enable the Subsystem parameter in the sshd_config then sftp is available to the outside, since ssh is available for internet also. So is there a way to permit sftp access only from the local side?
First off, I don't see why you are worrying. If I can ssh in, I can upload/download files through means other than sftp (scp, mimeencode and text transfers, etc.). You can control access by user/group, or to ssh. One solution would be to have a second ssh running on another port that allows sftp and lock that one down to certain IPs. If you are worried about security, well, I wouldn't; you have to go through ssh to get to sftp, making it rather more complicated (plus you have to lock down scp, mime encoding, etc., etc.).
TIA -- Togan Muftuoglu
Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/
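The second-sshd approach suggested in the reply above, sketched as an added example (not part of the original thread). The file names, port 2222, the 192.168.1.x addresses and the sftp-server path are assumptions to adapt to the local system.

```conf
# ---- Public instance (assumed file: /etc/ssh/sshd_config) ----
# Reachable from the internet on the usual port.
Port 22
ListenAddress 0.0.0.0
# No "Subsystem sftp" line here, so sftp subsystem requests are refused.
# As the reply points out, anyone who can log in here can still move
# files with scp or through the shell itself.

# ---- LAN-only instance (assumed file: /etc/ssh/sshd_config_lan) ----
# Started separately, e.g.: sshd -f /etc/ssh/sshd_config_lan
# Bind only to the internal interface address (assumed 192.168.1.10).
Port 2222
ListenAddress 192.168.1.10
# Separate pid file so the two daemons do not overwrite each other's.
PidFile /var/run/sshd_lan.pid
# sftp is enabled only on this instance. The sftp-server path differs
# between distributions; this one is an assumption.
Subsystem sftp /usr/lib/ssh/sftp-server
# Accept logins only from source addresses on the local network.
AllowUsers *@192.168.1.*
```

Running `sshd -t -f /etc/ssh/sshd_config_lan` checks the second file for syntax errors before the daemon is started.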
* Kurt Seifried;
sftp and lock that one down to certain IPs. If you are worried about security, well, I wouldn't; you have to go through ssh to get to sftp, making it rather more complicated (plus you have to lock down scp, mime encoding, etc., etc.).
Thanks Kurt, for some reason (probably lack of coffee) I have forgotten the ssh and sftp relation and keep thinking of sftp as _ftp_. Guess time for coffee break -- Togan Muftuoglu