OpenSSH: post processing on SFTP

From ImoLUGPedia

OpenSSH: trigger a script on sftpd put

Environment

We have an SSH server in a DMZ. We want to let some trusted SSH users put a datafile onto the system using SFTPd. Only after a correct upload do we want to execute a program on the datafile, and only after that program has run successfully do we want to return control and the return code to the user.

Digging

I’m looking for an internal mechanism in order to consider

   * the push of the datafile
   * the execution of something on the datafile

as a single atomic action performed by the sftp subsystem.

On the openssh mailing list I found only one request asking for something similar, from 2002, with substantially no answers.

My Solution

I extend the classic sshd_config file with two new directives:

SFTPTriggerPath pvb265 /home/pvb265/scripts/
SFTPTriggerWrite pvb265 trigger.sh


When SFTPd is called, the subsystem reloads the configuration file, looking for directives specific to the current user. At this point the new mechanism is armed! When the user puts a datafile, the trigger is called before exiting with the return code of the put. The new return code takes its value from the script execution.

Download

   * Digest openssh-4.6p1-pvb265Trigger.digest.bz2
   * patch openssh-4.6p1-pvb265Trigger.patch.bz2
   * All openssh-4.6p1-pvb265Trigger.tar.bz2