Log when a client requests an interactive session and only sftp is allowed
This commit is contained in:
parent
e8524ac3f4
commit
d711f557f7
11
openssh-7.9p1-log-sftp-only-connections.patch
Normal file
11
openssh-7.9p1-log-sftp-only-connections.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
diff --git a/session.c b/session.c
|
||||||
|
--- a/session.c
|
||||||
|
+++ b/session.c
|
||||||
|
@@ -1859,6 +1859,7 @@ do_child(Session *s, const char *command)
|
||||||
|
|
||||||
|
if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
|
||||||
|
printf("This service allows sftp connections only.\n");
|
||||||
|
+ logit("The session allows sftp connections only");
|
||||||
|
fflush(NULL);
|
||||||
|
exit(1);
|
||||||
|
} else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
|
@ -237,6 +237,9 @@ Patch957: openssh-7.9p1-CVE-2018-20685.patch
|
|||||||
# - do not return 0 if the write fails (full disk)
|
# - do not return 0 if the write fails (full disk)
|
||||||
# - shellcheck reports (upstream #2902)
|
# - shellcheck reports (upstream #2902)
|
||||||
Patch958: openssh-7.9p1-ssh-copy-id.patch
|
Patch958: openssh-7.9p1-ssh-copy-id.patch
|
||||||
|
# log when a client requests an interactive session and only sftp is allowed
|
||||||
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2960
|
||||||
|
Patch959: openssh-7.9p1-log-sftp-only-connections.patch
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Requires: /sbin/nologin
|
Requires: /sbin/nologin
|
||||||
@ -457,6 +460,7 @@ popd
|
|||||||
%patch956 -p1 -b .backports
|
%patch956 -p1 -b .backports
|
||||||
%patch957 -p1 -b .CVE-2018-20685
|
%patch957 -p1 -b .CVE-2018-20685
|
||||||
%patch958 -p1 -b .ssh-copy-id
|
%patch958 -p1 -b .ssh-copy-id
|
||||||
|
%patch959 -p1 -b .log-sftp-only
|
||||||
|
|
||||||
%patch200 -p1 -b .audit
|
%patch200 -p1 -b .audit
|
||||||
%patch201 -p1 -b .audit-race
|
%patch201 -p1 -b .audit-race
|
||||||
|
Loading…
Reference in New Issue
Block a user