diff --git a/README.md b/README.md index fbe1b264..425009a3 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,7 @@ The `sftpgo.conf` configuration file contains the following sections: - `bind_port`, integer the port used for serving SFTP requests. Default: 2022 - `bind_address`, string. Leave blank to listen on all available network interfaces. Default: "" - `idle_timeout`, integer. Time in minutes after which an idle client will be disconnected. Default: 15 + - `max_auth_tries` integer. Maximum number of authentication attempts permitted per connection. If set to a negative number, the number of attempts are unlimited. If set to zero, the number of attempts are limited to 6. - `umask`, string. Umask for the new files and directories. This setting has no effect on Windows. Default: "0022" - **"data_provider"**, the configuration for the data provider - `driver`, string. Supported drivers are `sqlite`, `mysql`, `postgresql` diff --git a/config/config.go b/config/config.go index a0e2f1f4..f5188c11 100644 --- a/config/config.go +++ b/config/config.go @@ -28,10 +28,11 @@ func init() { // create a default configuration to use if no config file is provided globalConf = globalConfig{ SFTPD: sftpd.Configuration{ - BindPort: 2022, - BindAddress: "", - IdleTimeout: 15, - Umask: "0022", + BindPort: 2022, + BindAddress: "", + IdleTimeout: 15, + MaxAuthTries: 0, + Umask: "0022", }, ProviderConf: dataprovider.Config{ Driver: "sqlite", @@ -74,13 +75,13 @@ func LoadConfig(configPath string) error { //globalConf.basePath = basePath file, err := os.Open(configPath) if err != nil { - logger.Warn(logSender, "error loading configuration file: %v. Default configuration will be used", err) + logger.Warn(logSender, "error loading configuration file: %v. Default configuration will be used: %+v", err, globalConf) return err } defer file.Close() err = json.NewDecoder(file).Decode(&globalConf) if err != nil { - logger.Warn(logSender, "error parsing config file: %v", err) + logger.Warn(logSender, "error parsing config file: %v. Default configuration will be used: %+v", err, globalConf) return err } logger.Debug(logSender, "config loaded: %+v", globalConf) diff --git a/sftpd/handler.go b/sftpd/handler.go index a78d2c14..5fc40cd5 100644 --- a/sftpd/handler.go +++ b/sftpd/handler.go @@ -138,7 +138,7 @@ func (c Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) { } if statErr != nil { - logger.Error("error performing file stat %v: %v", p, statErr) + logger.Error(logSender, "error performing file stat %v: %v", p, statErr) return nil, sftp.ErrSshFxFailure } @@ -149,7 +149,7 @@ func (c Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) { // Not sure this would ever happen, but lets not find out. if stat.IsDir() { - logger.Warn("attempted to open a directory for writing to: %v", p) + logger.Warn(logSender, "attempted to open a directory for writing to: %v", p) return nil, sftp.ErrSshFxOpUnsupported } diff --git a/sftpd/server.go b/sftpd/server.go index ea009b9f..f015e51b 100644 --- a/sftpd/server.go +++ b/sftpd/server.go @@ -27,10 +27,11 @@ import ( // Configuration server configuration type Configuration struct { - BindPort int `json:"bind_port"` - BindAddress string `json:"bind_address"` - IdleTimeout int `json:"idle_timeout"` - Umask string `json:"umask"` + BindPort int `json:"bind_port"` + BindAddress string `json:"bind_address"` + IdleTimeout int `json:"idle_timeout"` + MaxAuthTries int `json:"max_auth_tries"` + Umask string `json:"umask"` } // Initialize the SFTP server and add a persistent listener to handle inbound SFTP connections. @@ -43,7 +44,7 @@ func (c Configuration) Initialize(configDir string) error { } serverConfig := &ssh.ServerConfig{ NoClientAuth: false, - MaxAuthTries: 10, + MaxAuthTries: c.MaxAuthTries, PasswordCallback: func(conn ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) { sp, err := c.validatePasswordCredentials(conn, pass) if err != nil { diff --git a/sftpgo.conf b/sftpgo.conf index 972d5229..387f579d 100644 --- a/sftpgo.conf +++ b/sftpgo.conf @@ -3,6 +3,7 @@ "bind_port":2022, "bind_address": "", "idle_timeout": 15, + "max_auth_tries": 0, "umask": "0022" }, "data_provider": {