On Fri, Dec 01, 2017 at 02:59:38AM -0500, Jiri B wrote:
> On Thu, Nov 30, 2017 at 05:36:57PM -0600, Edgar Pettijohn wrote:
> > I was looking into how best to secure a sftp-server. The manual
> > mentions a -Q option to query protocol features supported. I added the
> > following line to sshd_config.
> >
> > Subsystem sftp /usr/libexec/sftp-server sftp -Q requests
> >
> > So far I'm not sure how to get at the information provided by this
> > command line option. Or am I doing it wrong?

For future reference:

$ /usr/libexec/sftp-server -Q requests

gives the following output:

open
close
read
write
lstat
fstat
setstat
fsetstat
opendir
readdir
remove
mkdir
rmdir
realpath
stat
rename
readlink
symlink
posix-rename
statvfs
fstatvfs
hardlink
fsync

> >
> > Any insight is greatly appreciated.
> >
> > Edgar
>
> IMO you got confused, it is "query", it does not set anything.

I didn't suggest it did set anything. The other command line options
require they be set in sshd_config, so that's what I tried. Didn't click
to try on the command line. :(

>
> Output of "-Q requests" as "requests"/actions which sftp client
> can do on remote server.
>
> An example: you want to mimic anon ftp upload server, then you
> would - IIRC - open, write, lstat,... but not readdir, remote,
> symlink etc...

My end goal is similar. I want users to log in trapped in their $HOME
but be able to make directories, remove directories, upload, download,
possibly symlink. I'll just play around with it till I feel comfortable.

>
> j.
>
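
An added example, not part of the thread: the names printed by -Q requests are the values accepted by sftp-server's -p option (a comma-separated list of permitted requests), so an allowlist can be checked against them before it goes into sshd_config. The WANTED set and the function names are assumptions chosen for the goal described above, not a tested minimum for any particular client.

```shell
#!/bin/sh
# Added example: derive an sftp-server "-p" allowlist and validate it against
# the request names reported by "-Q requests".

# Names copied from the output quoted in the post (embedded to run offline).
# On a live system: SUPPORTED=$(/usr/libexec/sftp-server -Q requests | tr '\n' ' ')
SUPPORTED="open close read write lstat fstat setstat fsetstat opendir readdir \
remove mkdir rmdir realpath stat rename readlink symlink posix-rename statvfs \
fstatvfs hardlink fsync"

# Assumed set for listing, upload, download, mkdir and rmdir. Clients may issue
# other requests implicitly, so test with the real client before deploying.
WANTED="open close read write lstat fstat stat realpath opendir readdir mkdir rmdir"

# build_allowlist NAME...: print a comma-separated list for "-p".
# Returns 1 on a name the server does not know (e.g. a typo such as "remote").
build_allowlist() {
    out=""
    for r in "$@"; do
        case " $SUPPORTED " in
            *" $r "*) out="${out:+$out,}$r" ;;
            *) echo "unknown request: $r" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$out"
}

# denied_requests NAME...: print the supported requests the allowlist refuses.
denied_requests() {
    out=""
    for s in $SUPPORTED; do
        case " $* " in
            *" $s "*) ;;
            *) out="${out:+$out,}$s" ;;
        esac
    done
    printf '%s\n' "$out"
}

# subsystem_line NAME...: print the sshd_config line (binary path from the post).
subsystem_line() {
    list=$(build_allowlist "$@") || return 1
    printf 'Subsystem sftp /usr/libexec/sftp-server -p %s\n' "$list"
}

subsystem_line $WANTED
echo "refused: $(denied_requests $WANTED)"
```

Adding symlink or remove to WANTED moves it from the refused list into the generated line; the request list alone does not confine users to a directory.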