beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
622 commits 8 branches 48 tags 35 MiB
Commit graph

84 commits

Author SHA1 Message Date
Nicola Murino
f34462e3c3
add support for limiting max concurrent client connections 2020-12-15 19:29:30 +01:00
Nicola Murino
a6985075b9
add sftpfs storage backend 
Fixes #224
 2020-12-12 10:31:09 +01:00
Nicola Murino
50982229e1
REST API: add a method to get the status of the services 
added a status page to the built-in web admin
 2020-12-08 11:18:34 +01:00
Nicola Murino
a6355e298e
add support for limit files using shell like patterns 
Fixes #209
 2020-11-15 22:04:48 +01:00
Nicola Murino
dc845fa2f4
webdav: fix permission errors if the client try to read multiple times 2020-11-14 19:19:41 +01:00
Nicola Murino
950a5ad9ea
add a recoverer where appropriate 
I have never seen this, but a malformed packet can easily crash pkg/sftp
 2020-10-31 11:02:04 +01:00
Nicola Murino
6a8039e76a
sftpd: log fingerprints for used host keys 2020-10-21 14:27:58 +02:00
Nicola Murino
b51d795e04
sftpd: auto generate an ed25519 host key too 2020-10-19 14:30:40 +02:00
Nicola Murino
f9827f958b
sftpd auto host keys: try to auto-create parent dir if missing 2020-10-05 14:16:57 +02:00
Nicola Murino
242dde4480 sftpd: ensure to always close idle connections 
after the last commit this wasn't the case anymore

Completly fixes #169
 2020-09-18 18:15:28 +02:00
Nicola Murino
2df0dd1f70 sshd: map each channel with a new connection 
Fixes #169
 2020-09-18 10:52:53 +02:00
Nicola Murino
a59163e56c multi-step auth: don't advertise password method if it is disabled 
also rename the settings to password_authentication so it is more like
OpenSSH, add some test cases and improve documentation
 2020-09-01 19:34:40 +02:00
Giorgio Pellero
8391b19abb
Add password_disabled bool to sftpd config, disables password auth callback (#165) 2020-09-01 19:26:33 +02:00
Nicola Murino
f3228713bc Allow individual protocols to be enabled per user 
Fixes #154
 2020-08-17 12:49:20 +02:00
Nicola Murino
aa0ed5dbd0 add post-login hook 
a login scope is supported too so you can get notifications for failed logins,
successful logins or both
 2020-08-12 16:15:12 +02:00
Nicola Murino
a9e21c282a add WebDAV support 
Fixes #147
 2020-08-11 23:56:10 +02:00
Antoine Deschênes
9a15a54885
sftpd: set failed connection loglevel to debug (#152) 2020-08-06 21:20:31 +02:00
Nicola Murino
91dcc349de Add client IP address to external auth, pre-login and keyboard interactive hooks 2020-08-04 18:03:28 +02:00
Nicola Murino
22338ed478 add post connect hook 
Fixes #144
 2020-07-30 22:33:49 +02:00
Nicola Murino
93ce96d011 add support for the venerable FTP protocol 
Fixes #46
 2020-07-29 21:56:56 +02:00
Nicola Murino
4e41a5583d refactoring: add common package 
The common package defines the interfaces that a protocol must implement
and contain code that can be shared among supported protocols.

This way should be easier to support new protocols
 2020-07-24 23:39:38 +02:00
Nicola Murino
0ea2ca3141 simplify data provider usage 
remove the obsolete SQL scripts too. They are not required since v0.9.6
 2020-07-08 19:59:31 +02:00
Nicola Murino
8e22dd1b13 virtual folders: allow overlapped mapped paths if quota is disabled 
See #95
 2020-06-10 09:11:32 +02:00
Nicola Murino
cd380973df allows host keys auto generation inside a user configured directory 
Fixes #124
 2020-06-08 18:45:04 +02:00
Nicola Murino
a08dd85efd sftpd: deprecate keys and add a new host_keys config param 
host_key defines the private host keys as plain list of strings.

Remove the other deprecated config params from the default config too.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-16 23:26:44 +02:00
Nicola Murino
469d36d979 certificate auth: fix source address checking inside crypto/ssh 
So we can avoid to check source address ourself

81aafe6d26

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-16 15:15:32 +02:00
Nicola Murino
738c7ab43e sftpd: add support for SSH user certificate authentication 
This add support for PROTOCOL.certkeys vendor extension:

https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.8

Fixes #117

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-15 20:08:53 +02:00
Nicola Murino
f02e24437a add more linters 
test cases migration to testify is now complete.
Linters are enabled for test cases too
 2020-05-06 19:36:34 +02:00
Nicola Murino
d70959c34c fix some lint issues 2020-04-30 14:23:55 +02:00
Nicola Murino
5a5912ea66 switch to my pkg/sftp branch and enable the request-server allocator 
This way we have performance comparable to OpenSSH if the cipher
isn't the bottleneck
 2020-04-10 23:35:57 +02:00
Nicola Murino
b1c7317cf6 add support for partial authentication 
Multi-step authentication is activated disabling all single-step
auth methods for a given user
 2020-04-09 23:32:42 +02:00
Nicola Murino
9046acbe68 add HTTP hooks 
external auth, pre-login user modification and keyboard interactive
authentication is now supported via HTTP requests too
 2020-04-01 23:25:23 +02:00
Nicola Murino
f284008fb5 enable scp in default configuration 
remove the deprecated enable_scp setting
 2020-03-26 23:38:24 +01:00
Nicola Murino
9b119765fc docs: minor improvements 2020-03-04 23:51:16 +01:00
Nicola Murino
016abda6d7 improve docs 2020-03-03 23:25:23 +01:00
Nicola Murino
833b702b90 proxy protocol: add list of allowed IP addresses and IP ranges 
"proxy_allowed" setting allows to specify the allowed IP address and IP
ranges that can send the proxy header. This setting combined with
"proxy_protocol" allows to ignore the header or to reject connections
that send the proxy header from a non listed IP
 2020-03-01 23:12:28 +01:00
Nicola Murino
7163fde724 proxy protocol: added an option to make the proxy header required 
now we can configure SFTPGo to accept or reject requests without the proxy
header when the proxy protocol is enabled
 2020-02-29 00:02:06 +01:00
Nicola Murino
830e3d1f64 Support for HAProxy PROXY protocol 
you can proxy and/or load balance the SFTP/SCP service without losing
the information about the client's address.
 2020-02-27 09:21:30 +01:00
Nicola Murino
bc11cdd8d5 add support for per user authentication methods 
You can, for example, deny one or more authentication methods to one or
more users.
 2020-02-19 22:39:30 +01:00
Nicola Murino
c8cc81cf4a sftpd: autogenerate ecdsa key 
With default configuration we now generate RSA and ECDSA server keys.
 2020-02-16 18:17:39 +01:00
Nicola Murino
9ff303b8c0 add support for keyboard interactive authentication 
Fixes #64
 2020-01-21 10:54:05 +01:00
Nicola Murino
d75f56b914 vfs: store root dir 
so we don't need to pass it over and over
 2020-01-19 13:58:55 +01:00
Nicola Murino
a4834f4a83 add basic S3-Compatible Object Storage support 
we have now an interface for filesystem backeds, this make easy to add
new filesystem backends
 2020-01-19 07:41:05 +01:00
Nicola Murino
1d9bb54073 transfers: improve errors detection 
We can now properly report write errors if for example no space left on
device.

For downloads we check the downloaded size with the expected one
 2020-01-10 19:20:22 +01:00
Nicola Murino
1b1c740b29 Add support for allowed/denied IP/Mask 
Login can be restricted to specific ranges of IP address or to a specific IP
address.

Please apply the appropriate SQL upgrade script to add the filter field to your
database.

The filter database field will allow to add other filters without requiring a
new database migration
 2019-12-30 18:37:50 +01:00
Nicola Murino
9c4dbbc3f8 sftpd: add support for some SSH commands 
md5sum, sha1sum are used by rclone.
cd, pwd improve the support for RemoteFiles mobile app.

These commands are all implemented inside SFTPGo so they work even
if the matching system commands are not available, for example on Windows
 2019-11-18 23:30:37 +01:00
Nicola Murino
bb37a1c1ce sftpd: add support for chmod/chown 
added matching permissions too and a new setting "setstat_mode".
Setting setstat_mode to 1 you can keep the previous behaviour that
silently ignore setstat requests
 2019-11-15 12:15:07 +01:00
Nicola Murino
5be1d1be69 sftpd: send exit-status message on close 
this fix restic compatibility
 2019-11-14 16:49:42 +01:00
Nicola Murino
c2ff50c917 dataprovider: add support for user status and expiration 
an user can now be disabled or expired.

If you are using an SQL database as dataprovider please remember to
execute the sql update script inside "sql" folder.

Fixes #57
 2019-11-13 11:36:21 +01:00
Nicola Murino
363b9ccc7f sftpd: explicitly configure supported SFTP extensions 
update pkg/sftp to a git revision that includes the needed patch

https://github.com/pkg/sftp/pull/315
 2019-11-12 07:37:47 +01:00