sftpd

package
v1.2.2
Warning

This package is not in the latest version of its module.

Published: Nov 18, 2020 License: GPL-3.0 Imports: 36 Imported by: 0

Documentation

Overview

Package sftpd implements the SSH File Transfer Protocol as described in https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02. It uses the pkg/sftp library: https://github.com/pkg/sftp

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetDefaultSSHCommands

func GetDefaultSSHCommands() []string

GetDefaultSSHCommands returns the SSH commands enabled by default

func GetSupportedSSHCommands

func GetSupportedSSHCommands() []string

GetSupportedSSHCommands returns the supported SSH commands

func ServeSubSystemConnection added in v1.2.0

func ServeSubSystemConnection(user dataprovider.User, connectionID string, reader io.Reader, writer io.Writer) error

ServeSubSystemConnection handles a connection as SSH subsystem

Types

type Configuration

type Configuration struct {
	// Identification string used by the server
	Banner string `json:"banner" mapstructure:"banner"`
	// The port used for serving SFTP requests
	BindPort int `json:"bind_port" mapstructure:"bind_port"`
	// The address to listen on. A blank value means listen on all available network interfaces.
	BindAddress string `json:"bind_address" mapstructure:"bind_address"`
	// Deprecated: please use the same key in common configuration
	IdleTimeout int `json:"idle_timeout" mapstructure:"idle_timeout"`
	// Maximum number of authentication attempts permitted per connection.
	// If set to a negative number, the number of attempts is unlimited.
	// If set to zero, the number of attempts is limited to 6.
	MaxAuthTries int `json:"max_auth_tries" mapstructure:"max_auth_tries"`
	// Deprecated: please use the same key in common configuration
	UploadMode int `json:"upload_mode" mapstructure:"upload_mode"`
	// Actions to execute on file operations and SSH commands
	Actions common.ProtocolActions `json:"actions" mapstructure:"actions"`
	// Deprecated: please use HostKeys
	Keys []Key `json:"keys" mapstructure:"keys"`
	// HostKeys define the daemon's private host keys.
	// Each host key can be defined as a path relative to the configuration directory or an absolute one.
	// If empty or missing, the daemon will search or try to generate "id_rsa" and "id_ecdsa" host keys
	// inside the configuration directory.
	HostKeys []string `json:"host_keys" mapstructure:"host_keys"`
	// KexAlgorithms specifies the available KEX (Key Exchange) algorithms in
	// preference order.
	KexAlgorithms []string `json:"kex_algorithms" mapstructure:"kex_algorithms"`
	// Ciphers specifies the ciphers allowed
	Ciphers []string `json:"ciphers" mapstructure:"ciphers"`
	// MACs specifies the available MAC (message authentication code) algorithms
	// in preference order
	MACs []string `json:"macs" mapstructure:"macs"`
	// TrustedUserCAKeys specifies a list of public key paths of certificate authorities
	// that are trusted to sign user certificates for authentication.
	// The paths can be absolute or relative to the configuration directory
	TrustedUserCAKeys []string `json:"trusted_user_ca_keys" mapstructure:"trusted_user_ca_keys"`
	// LoginBannerFile: the contents of the specified file, if any, are sent to
	// the remote user before authentication is allowed.
	LoginBannerFile string `json:"login_banner_file" mapstructure:"login_banner_file"`
	// Deprecated: please use the same key in common configuration
	SetstatMode int `json:"setstat_mode" mapstructure:"setstat_mode"`
	// List of enabled SSH commands.
	// We support the following SSH commands:
	// - "scp". SCP is an experimental feature; we have our own SCP implementation since
	//      we can't rely on the scp system command to properly handle permissions, quota and
	//      the user's home dir restrictions.
	//      The SCP protocol is quite simple but there are no official docs about it,
	//      so we need more testing and feedback before enabling it by default.
	//      We may not handle some borderline cases or have sneaky bugs.
	//      Please do accurate tests yourself before enabling SCP and let us know
	//      if something does not work as expected for your use cases.
	//      SCP between two remote hosts is supported using the `-3` scp option.
	// - "md5sum", "sha1sum", "sha256sum", "sha384sum", "sha512sum". Useful to check message
	//      digests for uploaded files. These commands are implemented inside SFTPGo so they
	//      work even if the matching system commands are not available, for example on Windows.
	// - "cd", "pwd". Some mobile SFTP clients do not support the SFTP SSH_FXP_REALPATH and so
	//      they use "cd" and "pwd" SSH commands to get the initial directory.
	//      Currently `cd` does nothing and `pwd` always returns the "/" path.
	//
	// The following SSH commands are enabled by default: "md5sum", "sha1sum", "cd", "pwd".
	// "*" enables all supported SSH commands.
	EnabledSSHCommands []string `json:"enabled_ssh_commands" mapstructure:"enabled_ssh_commands"`
	// Absolute path to an external program or an HTTP URL to invoke for keyboard interactive authentication.
	// Leave empty to disable this authentication mode.
	KeyboardInteractiveHook string `json:"keyboard_interactive_auth_hook" mapstructure:"keyboard_interactive_auth_hook"`
	// PasswordAuthentication specifies whether password authentication is allowed.
	PasswordAuthentication bool `json:"password_authentication" mapstructure:"password_authentication"`
	// Deprecated: please use the same key in common configuration
	ProxyProtocol int `json:"proxy_protocol" mapstructure:"proxy_protocol"`
	// Deprecated: please use the same key in common configuration
	ProxyAllowed []string `json:"proxy_allowed" mapstructure:"proxy_allowed"`
	// contains filtered or unexported fields
}

Configuration for the SFTP server
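
The following is an added example, not code from the sftpd package: a small reviewer that decodes a JSON configuration section using the keys documented above and reports the settings the field comments single out (unlimited authentication attempts, the experimental SCP command, deprecated keys). The `auditConfig` type, the `Audit` function and the sample input are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// auditConfig is a local type for this example (not the sftpd struct);
// it reuses JSON keys documented for Configuration.
type auditConfig struct {
	MaxAuthTries       int      `json:"max_auth_tries"`
	EnabledSSHCommands []string `json:"enabled_ssh_commands"`
}

// Keys the Configuration documentation marks as deprecated.
var deprecatedKeys = []string{"idle_timeout", "keys", "proxy_allowed", "proxy_protocol", "setstat_mode", "upload_mode"}

// sample is a constructed configuration section, not taken from a real deployment.
const sample = `{"max_auth_tries": -1, "keys": [], "enabled_ssh_commands": ["md5sum", "*"]}`

// Audit returns review findings for a JSON-encoded sftpd configuration section.
func Audit(raw []byte) ([]string, error) {
	var cfg auditConfig
	present := map[string]json.RawMessage{}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, err
	}
	_ = json.Unmarshal(raw, &present) // cannot fail: raw already decoded as an object
	var out []string
	if cfg.MaxAuthTries < 0 {
		out = append(out, "max_auth_tries is negative: authentication attempts per connection are unlimited")
	}
	for _, c := range cfg.EnabledSSHCommands {
		if c == "*" || c == "scp" {
			out = append(out, fmt.Sprintf("enabled_ssh_commands contains %q: the experimental SCP implementation is enabled", c))
		}
	}
	for _, k := range deprecatedKeys {
		if _, ok := present[k]; ok {
			out = append(out, "deprecated key in use: "+k)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(Audit([]byte(sample)))
}
```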

func (*Configuration) AcceptInboundConnection

func (c *Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.ServerConfig)

AcceptInboundConnection handles an inbound connection to the server instance and determines if the request should be served or not.

func (*Configuration) Initialize

func (c *Configuration) Initialize(configDir string) error

Initialize the SFTP server and add a persistent listener to handle inbound SFTP connections.

type Connection

type Connection struct {
	*common.BaseConnection
	// client's version string
	ClientVersion string
	// Remote address for this connection
	RemoteAddr net.Addr
	// contains filtered or unexported fields
}

Connection details for an authenticated user

func (*Connection) Disconnect added in v1.1.0

func (c *Connection) Disconnect() error

Disconnect disconnects the client closing the network connection

func (*Connection) Filecmd

func (c *Connection) Filecmd(request *sftp.Request) error

Filecmd is the handler for basic SFTP system calls related to files, but not anything to do with reading or writing to those files.

func (*Connection) Filelist

func (c *Connection) Filelist(request *sftp.Request) (sftp.ListerAt, error)

Filelist is the handler for SFTP filesystem list calls. This will handle calls to list the contents of a directory as well as perform file/folder stat calls.

func (*Connection) Fileread

func (c *Connection) Fileread(request *sftp.Request) (io.ReaderAt, error)

Fileread creates a reader for a file on the system and returns the reader back.

func (*Connection) Filewrite

func (c *Connection) Filewrite(request *sftp.Request) (io.WriterAt, error)

Filewrite handles the write actions for a file on the system.

func (*Connection) GetClientVersion added in v1.1.0

func (c *Connection) GetClientVersion() string

GetClientVersion returns the connected client's version

func (*Connection) GetCommand added in v1.1.0

func (c *Connection) GetCommand() string

GetCommand returns the SSH command, if any

func (*Connection) GetRemoteAddress added in v1.1.0

func (c *Connection) GetRemoteAddress() string

GetRemoteAddress returns the connected client's address

func (*Connection) Lstat added in v1.1.0

func (c *Connection) Lstat(request *sftp.Request) (sftp.ListerAt, error)

Lstat implements LstatFileLister interface

func (*Connection) OpenFile added in v1.1.0

func (c *Connection) OpenFile(request *sftp.Request) (sftp.WriterAtReaderAt, error)

OpenFile implements OpenFileWriter interface

type Key

type Key struct {
	// The private key path as absolute path or relative to the configuration directory
	PrivateKey string `json:"private_key" mapstructure:"private_key"`
}

Key contains information about host keys.

Deprecated: please use HostKeys
