Opened at 2011-05-25T22:42:16Z
Last modified at 2014-12-02T19:52:34Z
#1410 new defect
sftp server listens on reachable IP addresses by default
| Reported by: | gdt | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | code-frontend-ftp-sftp | Version: | 1.8.2 |
| Keywords: | sftp security | Cc: | |
| Launchpad Bug: |
Description (last modified by warner)
The sftp server listens without binding to localhost by default. While the docs advise (see #1175) to specify 127.0.0.1, sftp should default to local because it's the standard approach for FUSE mounting, and mounting a filesystem locally should not cause any globally listening sockets.
Eventually we'll have IPv6, so listening should be on not only 127.0.0.1 but also ::1. Therefore I suggest a variable in the sftpd section "global", defaulting to false, that if false causes listening on localhost only, and if true the current behavior.
Change History (1)
comment:1 Changed at 2014-12-02T19:52:34Z by warner
- Component changed from code-frontend to code-frontend-ftp-sftp
- Description modified (diff)
Note: See
TracTickets for help on using
tickets.
