-4

I need to run SCP, SFTP, and SSH on the same host but via three different ports; is there a way to configure SSHD in that manner? Thanks in advance.

yello_flash
  • 7
    Why do you *need to* configure it that way, since `scp` and `sftp` use `ssh` as transport method. – Thomas Sep 29 '18 at 12:34
  • 4
    What on earth is this all about? They are all ssh, and there's no real difference between scp and sftp. You can certainly do it, it just makes absolutely no sense. It provides no security benefits or any other benefits; it provides only inconvenience. – Michael Hampton Sep 29 '18 at 14:25
  • I was trying to allow only SCP and block SSH for some users. In the same way, I was trying to block SSH and allow only SFTP. After assigning three ports, I think we can handle it in SSHD_config the way we want and can put restrictions on the access. – yello_flash Oct 02 '18 at 03:35

3 Answers

1

You can do that by adding in the `/etc/ssh/sshd_config` file the ports you want to use on the server. Example:

```
Port 22
Port 60000
Port 60001
```

And then on the client you can, for example:

```
$ scp -P 60000 ./file 192.168.1.2:/home/user/   # adapt to your needs
```

In another terminal:

```
$ ssh user@192.168.1.2   # that's on port 22
```

And you can run sftp:

```
$ sftp -P 60001 user@192.168.1.2:/home/user/file  # transfer file to your pwd
```

That's it.

  • I think for each port we can do the access restriction separately, right? Let's say I want to give user A access only for SCP; then I can block user A from the other ports and allow access only through port 60000, right (via SSHD_config)? – yello_flash Oct 02 '18 at 03:38
  • Yes it is. Take a look at these links: https://stackoverflow.com/questions/37111500/separate-ssh-and-sftp and https://stackoverflow.com/questions/1526919/linux-shell-to-restrict-sftp-users-to-their-home-directories There should be what you are looking for. Cheers. – C. La Mosca Oct 02 '18 at 17:48
0

The port that has full usual SSH on it will always also be usable for scp and SFTP. If that restriction is fine for you, you can of course start two additional SSH servers by passing other config files with other Port settings via -f. One of them will have the ForceCommand internal-sftp setting, the other one any of the solutions suggested here.

jplitza
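The two-daemon split described in the answer above, sketched as an added example that is not part of the original answer. The file name `sshd_config_sftp`, the PID file path and the group `sftponly` are assumptions chosen for illustration; the `DenyGroups` line in the main config is what keeps restricted accounts off the full-SSH port.

```conf
# ---- /etc/ssh/sshd_config (main daemon, full SSH) -------------------------
# Port 22 still serves scp and SFTP to anyone allowed to log in here,
# so restricted accounts must be refused on this instance explicitly.
Port 22
DenyGroups sftponly            # "sftponly" is a hypothetical group name

# ---- /etc/ssh/sshd_config_sftp (second daemon, SFTP only) -----------------
# Hypothetical file name. Check the syntax, then start the second instance:
#   /usr/sbin/sshd -t -f /etc/ssh/sshd_config_sftp
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_sftp
Port 60001
PidFile /run/sshd_sftp.pid     # separate PID file so it does not clash with the main daemon

# In-process SFTP server; needs no shell or helper binary for the user
Subsystem sftp internal-sftp

# Every session on this instance is forced into SFTP, whatever the client asks for
ForceCommand internal-sftp

# Close the other channels an SSH session could otherwise open
PermitTTY no
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no

# Only the restricted accounts are accepted on this port
AllowGroups sftponly
```

A quick check after both daemons are running: a member of `sftponly` should be refused on port 22, and `ssh -p 60001` for that account should drop into SFTP rather than a shell.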
0

As a variant, you could configure SSH on any port that you want and set up port forwarding from three (for SSH, SCP and SFTP) different ports to this SSH port.

Alexander Tolkachev