squash / sudosh2

sudosh is an auditing shell filter and can be used as a login shell. Sudosh records all keystrokes and output and can play back the session just like a VCR. Sudosh2 is a continuation of the development of sudosh.

SFTP Not working #50

Open iamaravindragu opened 3 months ago

iamaravindragu commented 3 months ago

Changed the shell to sudosh for a user; after that he is not able to do SFTP via WinSCP. Is any alternative solution available for that?

-- Aravindan R

squash commented 3 months ago

You need to allow it with the "-c arg allow" option in sudosh.conf.

iamaravindragu commented 3 months ago

sudosh conf error-sftp

Tried:

-c arg allow = SFTP
-c arg allow = SSH

Yeah, tried that as well, still no luck. But if I change the shell to normal /bin/bash, SFTP works well.

-- Aravindan R

squash commented 3 months ago

Case matters, try something like

-c arg allow=/usr/lib/openssh/sftp-server

or whatever the path is on your host.

iamaravindragu commented 3 months ago

OK, added that in sudosh.conf and the result is the same error.

squash commented 3 months ago

What OS and version is your host? I can try to recreate your scenario.

iamaravindragu commented 3 months ago

OS : Ubuntu 20 VERSION="20.04.6 LTS

squash commented 3 months ago

This works for me on Ubuntu 20.04:

# Allow Sudosh to execute -c arguments?  If so, what?
-c arg allow = scp
-c arg allow = rsync
-c arg allow = /usr/lib/openssh/sftp-server

iamaravindragu commented 3 months ago

Have you tried logging in via WinSCP? I have the same thing in sudosh.conf and am not able to log in.

- Aravindan R

squash commented 3 months ago

I do not have Windows to test WinSCP, but I did test with FileZilla in sftp mode as well as the openssh command line.

Make sure sudosh is listed in /etc/shells also.

iamaravindragu commented 3 months ago

Okay, sudosh was listed in /etc/shells. Seems like FileZilla doesn't support MFA-based authentication.

My setup is as below:

Key-based login (which has password enabled) + MFA

squash commented 3 months ago

MFA is likely where your problem is happening, can you share your MFA config for openssh and I can try to set up a test environment?

If it is handing it off to another command, you might also try -c arg allow = *

iamaravindragu commented 2 months ago

Key-based login (which has password enabled) + MFA works normally when I take an SSH session, but when I connect via SFTP (WinSCP) things are not working.

MFA: Google Authentication. Followed the procedure below:

https://www.turbogeek.co.uk/google-authentication-mfa-on-linux/

-- Aravindan R

squash commented 2 months ago

It may be a bit before I'm able to create this environment; in the meantime please test with the * arg and see if that helps.

iamaravindragu commented 2 months ago

OK, tried with the syntax below and still no luck:

-c arg allow= *
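
A way to check the configuration discussed in this thread, as an added example that is not part of the original posts and not sudosh2's own code: sshd starts an external sftp subsystem through the user's login shell as `shell -c "<command>"`, so the command named on the `Subsystem sftp` line of sshd_config is what the `-c arg allow` entries have to cover. The matching rule used here (exact, case-sensitive comparison with the command path, or a literal `*`) is an assumption about sudosh2's behaviour, and the file paths are passed as arguments because they vary by host.

```shell
#!/bin/sh
# Added example; the function names are hypothetical and the matching rule is an assumption.

# Print the command sshd runs for the sftp subsystem (first matching line).
sftp_subsystem_cmd() {   # $1 = path to sshd_config
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# Print the value of every "-c arg allow" line, one per line; comments are skipped.
allowed_c_args() {       # $1 = path to sudosh.conf
    sed -n 's/^[[:space:]]*-c arg allow[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Return 0 if the sftp command is covered by an allow entry, 1 if not,
# 2 if sshd_config defines no sftp subsystem.
sftp_allowed() {         # $1 = sshd_config, $2 = sudosh.conf
    cmd=$(sftp_subsystem_cmd "$1")
    if [ -z "$cmd" ]; then
        return 2
    fi
    if [ "$cmd" = "internal-sftp" ]; then
        return 0         # served inside sshd; the login shell is not run
    fi
    allowed_c_args "$2" | grep -qxF -e "$cmd" -e '*'
}

# Return 0 if the shell path appears as its own line in the shells file.
shell_listed() {         # $1 = shell path, $2 = shells file (e.g. /etc/shells)
    grep -qxF -e "$1" "$2"
}

# Usage: sh check.sh /path/to/sshd_config /path/to/sudosh.conf
if [ "$#" -eq 2 ]; then
    if sftp_allowed "$1" "$2"; then
        echo "sftp subsystem '$(sftp_subsystem_cmd "$1")' is covered by -c arg allow"
    else
        echo "sftp subsystem '$(sftp_subsystem_cmd "$1")' is NOT covered by -c arg allow"
    fi
fi
```

A passing check only rules out the allow list; authentication steps such as the MFA setup mentioned above happen before the shell is started and are not examined here.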