Open iamaravindragu opened 3 months ago
You need to allow it with the "-c arg allow" option in sudosh.conf.
Tried:
-c arg allow = SFTP
-c arg allow = SSH
Yeah, tried that as well, still no luck. But if I change the shell to normal /bin/bash, SFTP is working well.
-- Aravindan R
Case matters, try something like
-c arg allow=/usr/lib/openssh/sftp-server
or whatever the path is on your host.
OK, added that in sudosh.conf and the result is the same error.
What OS and version is your host? I can try to recreate your scenario.
OS : Ubuntu 20 VERSION="20.04.6 LTS
This works for me on Ubuntu 20.04:
# Allow Sudosh to execute -c arguments? If so, what?
-c arg allow = scp
-c arg allow = rsync
-c arg allow = /usr/lib/openssh/sftp-server
Have you tried logging in via WinSCP? I have the same thing in sudosh.conf and am not able to log in.
- Aravindan R
I do not have Windows to test WinSCP, but I did test with FileZilla in sftp mode as well as the openssh command line.
Make sure sudosh is listed in /etc/shells also.
Okay, sudosh was listed in /etc/shells. Seems like FileZilla doesn't support MFA-based authentication.
My setup is as below:
Key-based login (which has password enabled) + MFA
MFA is likely where your problem is happening. Can you share your MFA config for openssh and I can try to set up a test environment?
If it is handing it off to another command, you might also try
-c arg allow = *
Key-based login (which has password enabled) + MFA is working normally when I take an SSH session, but when I connect via SFTP (WinSCP) things are not working.
MFA -- Google Authentication, followed the below procedure:
https://www.turbogeek.co.uk/google-authentication-mfa-on-linux/
-- Aravindan R
It may be a bit before I'm able to create this environment; in the meantime please test with the * arg and see if that helps.
OK, tried with the below syntax and still no luck:
-c arg allow= *
After changing the shell to sudosh for a user, he is not able to do SFTP via WinSCP. Is any alternative solution available for that?
-- Aravindan R