How to limit to a single SFTP session only?

Advertisement

Kirk Wolf
Joined:
Posts:
5

How to limit to a single SFTP session only?

We have a SFTP server where we need to limit a given WinSCP user to a single ssh/sftp session.
Using WinSCP 4.1.9 Build 416, it seems to be impossible to prevent WinSCP from starting a second sftp session to the server for transfers. Is there a way around this?

Thanks,
Kirk Wolf

Reply with quote

Advertisement

Kirk Wolf
Joined:
Posts:
5

BTW - if we can resolve this issue, we can probably get WinSCP to work with z/OS (MVS) including not only the z/OS Unix filesystem but also MVS datasets via SSH/SFTP.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,599
Location:
Prague, Czechia

Re: How to limit to a single SFTP session only?

Kirk Wolf wrote:

We have a SFTP server where we need to limit a given WinSCP user to a single ssh/sftp session.
Using WinSCP 4.1.9 Build 416, it seems to be impossible to prevent WinSCP from starting a second sftp session to the server for transfers. Is there a way around this?
What would prevent user to start another WinSCP instance? Or using another client?

You have to place such restrictions on the server side.
_________________
Martin Prikryl

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,599
Location:
Prague, Czechia

Kirk Wolf wrote:

Sorry, I see that this question was asked and answered last year.

https://winscp.net/forum/viewtopic.php?t=7740

Apparently it is not possible any longer.
Is there a reason that this feature (limit to single SFTP session) was removed?
This is completely unrelated.
_________________
Martin Prikryl

Reply with quote

Kirk Wolf
Joined:
Posts:
5

Re: How to limit to a single SFTP session only?

martin wrote:

Kirk Wolf wrote:

We have a SFTP server where we need to limit a given WinSCP user to a single ssh/sftp session.
Using WinSCP 4.1.9 Build 416, it seems to be impossible to prevent WinSCP from starting a second sftp session to the server for transfers. Is there a way around this?
What would prevent user to start another WinSCP instance? Or using another client?

You have to place such restrictions on the server side.

The problem is this:

When using WinSCP to a z/OS server, there are a bunch of z/OS-specific file transfer settings that are outside the SFTP spec. With WinSCP, you can set these options by creating (or renaming) files in a pseudo directory (/+). It is no problem doing this from WinSCP.

The problem is that once you have set those options, they affect only that sftp session. So if WinSCP insists on starting a new sftp session for doing file transfers, then the options are lost.

This is why we would like to have a single WinSCP "session" only start a single sftp session to z/OS.

Thanks,
Kirk Wolf

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,599
Location:
Prague, Czechia

Re: How to limit to a single SFTP session only?

OK, I see. But unfortunately, WinSCP does not support that any more.
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum