Hi Dmitry,

Just came across a situation where I can't limit SFTP max connections on a per user (not per IP) basis without resorting to using wrappers. Not sure if the old SCP actually logs in (sorry haven't checked) but the SFTP that I use (latest RHEL7) doesn't honour limits.conf (maxlogins or nproc) because it doesn't actually log in - it's just a protocol and a subsystem at that. I currently have a situation where system SSH resources can be exhausted by overzealous use by a single SFTP user.

Do the newer versions of OpenSSH come with a better way of limiting SFTP sessions on a per user basis just like the classic FTPs of old?

I already have MaxSessions in sshd_config set high for managing SSHFS mounts which works fine, but it works on a connection basis and I have full control of both ends. I have little control over client SFTP volume requests.

I would appreciate it if you can allay my concerns by letting me know if switching to using the underlying SFTP protocol for SCP will allow per user connection limits to be applied which I feel are very important.

Hope you have the answer at hand.

Best regards,
Arthur.

On Mon, 4 Oct 2021 at 19:49, Dmitry Belyavskiy <dbely...@redhat.com> wrote:

> Dear Richard,
>
> On Mon, Oct 4, 2021 at 10:23 AM Richard W.M. Jones <rjo...@redhat.com> wrote:
>
>> On Wed, Sep 29, 2021 at 04:48:43PM +0200, Dmitry Belyavskiy wrote:
>> > Dear colleagues,
>> >
>> > I recently added OpenSSH 8.7p1 to rawhide.
>> > This version includes implementation of the SFTP protocol as the main transfer
>> > protocol for the scp utility. In upstream, the SCP protocol is used by default
>> > in the scp utility. The upcoming versions 8.9p1+ (version 8.8p1 is mostly a
>> > security release) are expected to use SFTP protocol by default. This behavior
>> > (SFTP as a default transfer protocol for scp utility) is backported to rawhide.
>> >
>> > The same approach is planned for RHEL 9 GA,
>> >
>> > Please let me know if you have any questions/problems.
>>
>> Does this change the quoting of scp paths with spaces etc? The
>> quoting of scp is insane but at least it's a known quantity, and we
>> baked it into virt-p2v.
>
> Yes. There are changes in the quoting, documented in
> https://www.openssh.com/txt/release-8.7 and
> https://www.openssh.com/txt/release-8.8
>
> If you still need an old quoting, AFAIK, you should explicitly specify the
> scp protocol via -O command-line option.
>
> --
> Dmitry Belyavskiy
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure