>Hi,
> I have a unique ssh/sftp requirement. I have two networks
>separated by a firewall. I would like to allow anyone on my "internal"
>network to ssh to my "external" network but I would like to control who
>is allowed to sftp/scp files from my internal network to my external
>network. How can I do this? Is there a way to do this if my firewall
>doesn't support controlling such an activity? Will setting up some kind
>of internal proxy/port forwarding server do the trick?
>
>The version that I am using is:
>OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
>HP-UX Secure Shell - A.04.00.000


Hello Jim,

The sftp/scp commands internally make use of ssh for remote connection. So
you can't control sftp/scp providing access only to ssh. For scp, the remote
machine (sshd) invokes the scp process and for sftp it invokes the sftp-server
subsystem. So you can completely disable sftp/scp by removing them in the
remote system. But that happens only after authenticating the user.

regards,
Visolve Security Consulting Group.
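
The mechanism described in the reply, as an added example that is not part of the original message: a per-user gate that decides, after authentication, whether a request for the remote scp process or the sftp-server subsystem may proceed. It assumes the script is installed as a forced command so that sshd exports the client's request in `SSH_ORIGINAL_COMMAND`, and that a subsystem request appears there as the configured sftp-server path; the user names, the path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumption: sshd passes the client's requested command in
# SSH_ORIGINAL_COMMAND when a forced command is configured.

# Constructed allow list of users permitted to use scp/sftp.
TRANSFER_USERS="alice bob"

# classify_request REQUEST -> prints shell | scp | sftp | exec
classify_request() {
    req=$1
    if [ -z "$req" ]; then echo shell; return 0; fi  # no command: login shell
    set -f                  # disable globbing while splitting the request
    set -- $req             # split on whitespace; $1 is the program name
    set +f
    case "${1##*/}" in      # compare the basename only
        scp)                        echo scp ;;   # scp client runs "scp -t/-f ..."
        sftp-server|internal-sftp)  echo sftp ;;  # sftp subsystem
        *)                          echo exec ;;  # any other remote command
    esac
}

# transfer_allowed USER KIND -> status 0 if the request may proceed
transfer_allowed() {
    case "$2" in
        scp|sftp)
            for u in $TRANSFER_USERS; do
                if [ "$u" = "$1" ]; then return 0; fi
            done
            return 1 ;;
        *)  return 0 ;;     # shell and other commands are not restricted here
    esac
}

# decide USER REQUEST -> prints "allow KIND" or "deny KIND"
decide() {
    kind=$(classify_request "$2")
    if transfer_allowed "$1" "$kind"; then echo "allow $kind"; else echo "deny $kind"; fi
}

# Constructed sample requests for a user who is not on the allow list.
for r in "" "scp -t /tmp/upload" "/usr/libexec/sftp-server" "uptime"; do
    printf '%-32s -> %s\n' "carol: ${r:-<login shell>}" "$(decide carol "$r")"
done
```

This only governs the scp and sftp programs; a user who keeps an interactive shell is not otherwise restricted by it.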
