Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow separate password login for sftp #794

Closed
wants to merge 1 commit into from
Closed

Allow separate password login for sftp #794

wants to merge 1 commit into from

Conversation

mib1185
Copy link

@mib1185 mib1185 commented Sep 19, 2024

This will allow to enable password-based login for sftp, while it is still disabled for ssh connections.
To prevent a breaking change, this new option sftp_password_login inherits from ssh_server_password_login

@mib1185 mib1185 force-pushed the allow-seperate-password-login-for-sftp branch 2 times, most recently from 80f4204 to a895c5f Compare September 19, 2024 11:26
@mib1185 mib1185 force-pushed the allow-seperate-password-login-for-sftp branch from a895c5f to b3bdd13 Compare September 19, 2024 11:29
@schurzi
Copy link
Contributor

schurzi commented Oct 13, 2024

Your proposal seems reasonable, but we really want to avoid introducing more variables for our roles.

I have spent some time thinking about this and I think you can use existing variables to achieve the same result. We offer a way to add more custom group matches to sshd config via ssh_server_match_group. All these matches are placed after our main config and can be used to override previous config. so if you add these variables you should be able to get this working without changing the role.

Can you try adding these variables?

    ssh_server_match_group:
      - group: sftponly
        rules:
          - PasswordAuthentication yes

@mib1185 mib1185 marked this pull request as draft October 16, 2024 08:29
@mib1185
Copy link
Author

mib1185 commented Nov 15, 2024

Hi @schurzi
sorry for late reply. thanks for this suggestion, we will check if it fits for our needs. Since we're in progress of re-thinking of the concept, which is affected by this settings, i'm going to close this PR for now.

@mib1185 mib1185 closed this Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement ssh_hardening
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mib1185 @schurzi