SFTP – Connections and File Permissions – Part 4

Continuing the SFTP series of blog pages, let's take a look at some random snippets which are really helpful.

1. Specifying the private key while doing SFTP

sftp -o "IdentityFile=/path/to/private_key" jay@server.name.com

We can also place the options in the “config” file.

Sample contents of ~/.ssh/config

Host the_hostname
    User user_name
    IdentityFile /path/to/private_key

2. Prepare a batch file with the commands to run (mostly used for transferring multiple files in a single transaction) and run it with SFTP.

echo "put filename.foo /safe/path/filename.foo" >> /tmp/batchfile.txt
sftp -b /tmp/batchfile.txt -oIdentityFile=/path/to/private_key user@host

3. Starting with OpenSSH 5.4, sftp-server(8) can set a umask to override the default one set by the user’s account. The in-process SFTP server, internal-sftp, accepts the same options as the external SFTP subsystem.

Subsystem sftp internal-sftp -u 0022

Earlier versions can do the same thing through a helper script, but this greatly complicates chrooted directories. The helper script can be a regular script or it can be embedded inline in the configuration file, though neither works easily in a chroot jail. It’s often easier to get a newer version of sshd(8) which supports umask as part of the server’s configuration. Here is an inline helper script for umask in OpenSSH 5.3 and earlier, based on one by gilles@:

Subsystem sftp /bin/sh -c 'umask 0022; /usr/libexec/openssh/sftp-server'

4. SFTP file transfers can be logged using LogLevel INFO or VERBOSE. The log level for the SFTP server can be set in sshd_config(5) separately from the general SSH server settings.

Subsystem sftp internal-sftp -l INFO

By default the SFTP messages will also end up in auth.log but it is possible to filter these messages to their own file by reconfiguring the system logger, usually rsyslogd(8) or syslogd(8). Sometimes this is done by changing the log facility code from the default of AUTH. Available options are LOCAL0 through LOCAL7, plus, less usefully, DAEMON and USER.

Subsystem sftp internal-sftp -l INFO -f LOCAL6

If new system log files are assigned, it is important to remember them in log rotation, too.
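The settings from items 3 and 4 can be checked mechanically. The following is an added example, not code from the original post or from OpenSSH: a Python function, audit_sftp_subsystem (a hypothetical name), that reads sshd_config text and reports a Subsystem line with no subsystem name, a missing or permissive umask, a log level other than INFO or VERBOSE, and an unknown facility. The policy that uploads must not be group- or world-writable and the sample configurations are assumptions.

```python
import shlex

# Facility codes the page lists for -f (AUTH is the default).
FACILITIES = {"AUTH", "DAEMON", "USER"} | {f"LOCAL{i}" for i in range(8)}

def audit_sftp_subsystem(config_text):
    """Return findings for the sftp Subsystem line(s) in sshd_config text."""
    findings, seen = [], False
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line.lower().startswith("subsystem"):
            continue  # comments, blanks and other keywords
        tok = shlex.split(line, comments=True)
        # Syntax: Subsystem <name> <command> [args]. Without the name, sshd
        # takes the command as the name and the first flag as the command.
        if len(tok) < 3 or tok[2].startswith("-"):
            findings.append(f"line {n}: malformed Subsystem line (name missing?)")
            continue
        if tok[1] != "sftp":
            continue
        seen, args = True, tok[3:]
        opt = {a: v for a, v in zip(args, args[1:] + [""]) if a in ("-u", "-l", "-f")}
        if "-u" in opt:
            try:
                mask = int(opt["-u"], 8)
            except ValueError:
                mask = 0  # an unparsable value is reported as permissive
            # Assumed policy: uploads must not be group- or world-writable.
            if (mask & 0o022) != 0o022:
                findings.append(f"line {n}: umask {opt['-u']} leaves group/other write bits")
        elif not any("umask" in a for a in args):  # inline helper-script form
            findings.append(f"line {n}: no umask override, account default applies")
        if opt.get("-l", "").upper() not in ("INFO", "VERBOSE"):
            findings.append(f"line {n}: log level is not INFO or VERBOSE")
        if "-f" in opt and opt["-f"].upper() not in FACILITIES:
            findings.append(f"line {n}: unknown log facility {opt['-f']}")
    if not seen:
        findings.append("no usable 'Subsystem sftp' line found")
    return findings

# Constructed samples: the page's directives merged onto one line, and a
# variant that omits the subsystem name.
GOOD = "# constructed sample\nSubsystem sftp internal-sftp -u 0022 -l INFO -f LOCAL6\n"
BAD = "Subsystem internal-sftp -l INFO -f LOCAL6\n"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_sftp_subsystem(text) or "ok")
```

Run it against a copy of the live file by passing the file's contents as config_text; an empty list means the line carries a umask, transfer logging and a valid facility.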

Reference: https://en.wikibooks.org/wiki/OpenSSH
