Question about ~/.ssh/rc and internal-sftp

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about ~/.ssh/rc and internal-sftp

Aleksandar Lazic-4
Hi.

I hope this list is the right one to ask openssh questions, in case I'm wrong
here please point me to the right list/channel, thanks.

We use sftp for uploads and iWatch to post process the uploaded files.

We have several Match blocks in our /etc/ssh/sshd_config

```
Match User user001
ForceCommand internal-sftp
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
ChrootDirectory /home/user001
```

Can I replace the ForceCommand with a script which triggers a post process
tool and use Subsystem for internal-sftp ?

Version: OpenSSH_7.2p2
OS: Ubuntu 16.04 LTS

The Idea is that after a successful upload a post process script is running
so the we can remove the iWatch.

Thank you for any help.

Regards
Aleks

Reply | Threaded
Open this post in threaded view
|

Re: Question about ~/.ssh/rc and internal-sftp

Jiri B-3
Yes, you can but then you cannot use `internal-sftp` because it is
"internal" sshd process.
You must populate chroot in your ChrootDirectory, on Linux you also
need to have /dev/log
there.

I use this solution to rsync uploaded files to other host.

Jiri

On Wed, Feb 6, 2019 at 10:49 AM Aleksandar Lazic <[hidden email]> wrote:

>
> Hi.
>
> I hope this list is the right one to ask openssh questions, in case I'm wrong
> here please point me to the right list/channel, thanks.
>
> We use sftp for uploads and iWatch to post process the uploaded files.
>
> We have several Match blocks in our /etc/ssh/sshd_config
>
> ```
> Match User user001
> ForceCommand internal-sftp
> AllowAgentForwarding no
> AllowTcpForwarding no
> X11Forwarding no
> ChrootDirectory /home/user001
> ```
>
> Can I replace the ForceCommand with a script which triggers a post process
> tool and use Subsystem for internal-sftp ?
>
> Version: OpenSSH_7.2p2
> OS: Ubuntu 16.04 LTS
>
> The Idea is that after a successful upload a post process script is running
> so the we can remove the iWatch.
>
> Thank you for any help.
>
> Regards
> Aleks
>

Reply | Threaded
Open this post in threaded view
|

Re: Question about ~/.ssh/rc and internal-sftp

Aleksandar Lazic-4
Am 06.02.2019 um 12:13 schrieb Jiri B:
> Yes, you can but then you cannot use `internal-sftp` because it is
> "internal" sshd process.
> You must populate chroot in your ChrootDirectory, on Linux you also
> need to have /dev/log
> there.
>
> I use this solution to rsync uploaded files to other host.

Thank you.

> Jiri

Regards
aleks

> On Wed, Feb 6, 2019 at 10:49 AM Aleksandar Lazic <[hidden email]> wrote:
>>
>> Hi.
>>
>> I hope this list is the right one to ask openssh questions, in case I'm wrong
>> here please point me to the right list/channel, thanks.
>>
>> We use sftp for uploads and iWatch to post process the uploaded files.
>>
>> We have several Match blocks in our /etc/ssh/sshd_config
>>
>> ```
>> Match User user001
>> ForceCommand internal-sftp
>> AllowAgentForwarding no
>> AllowTcpForwarding no
>> X11Forwarding no
>> ChrootDirectory /home/user001
>> ```
>>
>> Can I replace the ForceCommand with a script which triggers a post process
>> tool and use Subsystem for internal-sftp ?
>>
>> Version: OpenSSH_7.2p2
>> OS: Ubuntu 16.04 LTS
>>
>> The Idea is that after a successful upload a post process script is running
>> so the we can remove the iWatch.
>>
>> Thank you for any help.
>>
>> Regards
>> Aleks
>>
>