
sftpd config: MaxAuthTries is now configurable

Nicola Murino 6 years ago
parent
commit
5c861a7c46
5 changed files with 17 additions and 13 deletions
  1. 1 0
      README.md
  2. 7 6
      config/config.go
  3. 2 2
      sftpd/handler.go
  4. 6 5
      sftpd/server.go
  5. 1 0
      sftpgo.conf

+ 1 - 0
README.md

@@ -61,6 +61,7 @@ The `sftpgo.conf` configuration file contains the following sections:
     - `bind_port`, integer the port used for serving SFTP requests. Default: 2022
     - `bind_address`, string. Leave blank to listen on all available network interfaces. Default: ""
     - `idle_timeout`, integer. Time in minutes after which an idle client will be disconnected. Default: 15
+    - `max_auth_tries` integer. Maximum number of authentication attempts permitted per connection. If set to a negative number, the number of attempts are unlimited. If set to zero, the number of attempts are limited to 6.
     - `umask`, string. Umask for the new files and directories. This setting has no effect on Windows. Default: "0022"
 - **"data_provider"**, the configuration for the data provider
     - `driver`, string. Supported drivers are `sqlite`, `mysql`, `postgresql`

+ 7 - 6
config/config.go

@@ -28,10 +28,11 @@ func init() {
 	// create a default configuration to use if no config file is provided
 	globalConf = globalConfig{
 		SFTPD: sftpd.Configuration{
-			BindPort:    2022,
-			BindAddress: "",
-			IdleTimeout: 15,
-			Umask:       "0022",
+			BindPort:     2022,
+			BindAddress:  "",
+			IdleTimeout:  15,
+			MaxAuthTries: 0,
+			Umask:        "0022",
 		},
 		ProviderConf: dataprovider.Config{
 			Driver:           "sqlite",
@@ -74,13 +75,13 @@ func LoadConfig(configPath string) error {
 	//globalConf.basePath = basePath
 	file, err := os.Open(configPath)
 	if err != nil {
-		logger.Warn(logSender, "error loading configuration file: %v. Default configuration will be used", err)
+		logger.Warn(logSender, "error loading configuration file: %v. Default configuration will be used: %+v", err, globalConf)
 		return err
 	}
 	defer file.Close()
 	err = json.NewDecoder(file).Decode(&globalConf)
 	if err != nil {
-		logger.Warn(logSender, "error parsing config file: %v", err)
+		logger.Warn(logSender, "error parsing config file: %v. Default configuration will be used: %+v", err, globalConf)
 		return err
 	}
 	logger.Debug(logSender, "config loaded: %+v", globalConf)
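Review bot: Both new Warn messages in LoadConfig print the whole `globalConf` with `%+v`, which includes `ProviderConf`; if `dataprovider.Config` holds database credentials (likely, since the README lists `mysql` and `postgresql` drivers, though the struct is not visible here), they are written to the log at warning level. The parse-error text is also inaccurate, because `json.NewDecoder(file).Decode(&globalConf)` decodes into the live struct, so a type error in one field still lets the other fields from the file overwrite the defaults. I would log only the non-sensitive section, e.g. `logger.Warn(logSender, "error parsing config file: %v. sftpd configuration in use: %+v", err, globalConf.SFTPD)`, and decode into a temporary copy that is assigned to `globalConf` only when Decode succeeds. LoadConfig starts above the hunk and continues past it.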

+ 2 - 2
sftpd/handler.go

@@ -138,7 +138,7 @@ func (c Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
 	}
 
 	if statErr != nil {
-		logger.Error("error performing file stat %v: %v", p, statErr)
+		logger.Error(logSender, "error performing file stat %v: %v", p, statErr)
 		return nil, sftp.ErrSshFxFailure
 	}
 
@@ -149,7 +149,7 @@ func (c Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
 
 	// Not sure this would ever happen, but lets not find out.
 	if stat.IsDir() {
-		logger.Warn("attempted to open a directory for writing to: %v", p)
+		logger.Warn(logSender, "attempted to open a directory for writing to: %v", p)
 		return nil, sftp.ErrSshFxOpUnsupported
 	}
 

+ 6 - 5
sftpd/server.go

@@ -27,10 +27,11 @@ import (
 
 // Configuration server configuration
 type Configuration struct {
-	BindPort    int    `json:"bind_port"`
-	BindAddress string `json:"bind_address"`
-	IdleTimeout int    `json:"idle_timeout"`
-	Umask       string `json:"umask"`
+	BindPort     int    `json:"bind_port"`
+	BindAddress  string `json:"bind_address"`
+	IdleTimeout  int    `json:"idle_timeout"`
+	MaxAuthTries int    `json:"max_auth_tries"`
+	Umask        string `json:"umask"`
 }
 
 // Initialize the SFTP server and add a persistent listener to handle inbound SFTP connections.
@@ -43,7 +44,7 @@ func (c Configuration) Initialize(configDir string) error {
 	}
 	serverConfig := &ssh.ServerConfig{
 		NoClientAuth: false,
-		MaxAuthTries: 10,
+		MaxAuthTries: c.MaxAuthTries,
 		PasswordCallback: func(conn ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
 			sp, err := c.validatePasswordCredentials(conn, pass)
 			if err != nil {
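Review bot: `MaxAuthTries: c.MaxAuthTries` hands the configured value to `ssh.ServerConfig` unchecked, so a negative `max_auth_tries` removes the per-connection cap on password guesses and nothing in the log records that the server is running that way. I would emit a warning before `serverConfig` is built, `if c.MaxAuthTries < 0 { logger.Warn(logSender, "max_auth_tries is negative, authentication attempts per connection are unlimited") }`, so operators can spot the setting. The new struct field also has no comment; `// MaxAuthTries is the maximum number of authentication attempts per connection: 0 uses the ssh package default of 6, a negative value means unlimited` would keep the semantics next to the code. Initialize begins above the hunk and continues past it.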

+ 1 - 0
sftpgo.conf

@@ -3,6 +3,7 @@
        "bind_port":2022,
        "bind_address": "",
        "idle_timeout": 15,
+       "max_auth_tries": 0,
        "umask": "0022"
    },
    "data_provider": {