Hello @Eugeny, I am not sure why the test aer failing in the Github Action as I have ran them locally and they passed without an issue. Looks like the issue is 2 different test timeout in CI each time due to Docker resource exhaustion after ~160 tests (maybe).
I am open to any proposal!

Thank you for the PR! After a cursory glance, it doesn't seem to actually prevent the user from writing/reading data from the FS as there's still nothing stopping them from doing so from within their shell session?

@Eugeny Thanks fro the feedback, this PR design was mainly around the SCP/SFTP subsystem of SSH, It is possible to intercept the SSH session commands as it is the same-ish mechanism used for recording the SSH session.
I am planning to look into having a feature that allow the administrator to control/prevent some commands to be ran on the Target server.

This PR also does not cover these use-cases too:

• Allow only the user to upload and/or download file from the server ONLY without SSH session
• Inline file scanning to prevent any malicious file to be uploaded (only file extensions prevention, which was quick-win as a all the metadata were accessible)

If you think it is mandatory feature to be able to have this in this PR, I will work on it but I will need sometime before being able to deliver this

Thanks again fro the review

I see - unfortunately there's no security gained by this PR as-is unless shell and exec sessions are also forbidden, because there's still (a very easy) way to read/write arbitrary files. So while it might tick the boxes for a specific security audit, it doesn't actually prevent unauthorized access.

It's fundamentally impossible to selectively restrict command execution in shell sessions too, since the SSH server only sees user keystrokes and display output and has no concept of "commands" per se (except exec requests, but again the user can bypass that by simply running commands in the shell).

It's not possible to "recognize" and parse shell input either because that's trivially bypassable by encrypting the commands/inputs, saving it remotely and decrypting it there, so it's never visible on the SSH protocol.

As it is, I'm currently tending towards not accepting this as a feature, however I'm still interested in some parts of this PR, if you could separate them out:

• Time limited role assignments
• SFTP audit logging - please see if it's possible to reuse the russh-sftp crate instead of manually parsing the messages

@Eugeny
I totally agree with you that this technically does not block file transfer as I can open SSH session and copy/paste the content of a file.

I will separate the TTL role assignment feature, and look into the usage of rssh-sftp for the SFTP audit logging, for audit log purposes only !

While I am at it I added some screenshot to this PR, even if it will not move forward I really appreciate the review

@Eugeny
Quick update on the russh-sftp usage (and thanks for pointing that out), it would replace:

• the parser parser.rs
• response.rs
• protocol types in types.rs

Follow-up question, would it be acceptable to update this feature to:

• State that this only blocks, SCP, SFTP and RSYNC protocols from uploading but user has SSH this access can bypassed this ?
  Which gets me to the next point :
• Is adding the possibility to block interactive SSH sessions which can make the target usable only for File transfer
• This PR supports also the legacy SCP (that does scp -t and scp -f exec) -> if we move forward with the proposal of blocking interactive sessions

Could you please reformulate the second half of your reply? I couldn't parse it

Sorry @Eugeny for the not clear comment, It was done little bit too lat in the night

To address this, I suggest adding a Restricted Shell mode to make targets truly "File Transfer Only." Regarding this proposal:

• Interactive Sessions: Should we allow blocking interactive SSH sessions to enforce this file-transfer-only access?
• UI Clarity: For cases where the role blocks file transfer protocols but not the interactive session, I can add a warning in the UI to let admins know the restriction can be bypassed via the shell.
• Legacy SCP: I have already implemented support for legacy SCP (scp -t and -f). Should we keep this to ensure full backward compatibility, or would you prefer I drop it to keep this PR more focused and simplified?

@Eugeny Hello, did you have the time tou check my last comment please ?

Thanks for getting back to me and sorry for the delay!

Interactive Sessions: Should we allow blocking interactive SSH sessions to enforce this file-transfer-only access?

Yes - blocking session and exec channels should be a requirement for using SFTP permissions.

UI Clarity: For cases where the role blocks file transfer protocols but not the interactive session, I can add a warning in the UI to let admins know the restriction can be bypassed via the shell.

See above - enabling SFTP permissions should not be possible when interactive sessions are allowed.

Legacy SCP: I have already implemented support for legacy SCP (scp -t and -f). Should we keep this to ensure full backward compatibility, or would you prefer I drop it to keep this PR more focused and simplified?

We can leave these out - no reason to use legacy SCP in 2026.

@Eugeny Thanks a lot for the clarification I will add those requirements then !
I will update the PR to match the specs, byt the end of the next week

@Eugeny Here's an update addressing all your feedback points:

What changed

Enforcement mode (addresses session/exec blocking requirement)

• Added instance-wide sftp_permission_mode setting: strict (default) / permissive
• Strict mode: When SFTP restrictions are active on a target, session, exec, direct-tcpip, direct-streamlocal, tcpip-forward, and streamlocal-forward channels are all blocked
• Permissive mode: SFTP restrictions enforced, but shell/exec/forwarding remain open (for gradual rollout)
• File transfer only: The toggle file_transfer_only on role, we can enable this to enforce for that specific role to block the interactive, exec channels and port-forward channels.

SCP removed

• Deleted the entire SCP module per your guidance
• Legacy scp commands now pass through as regular exec (blocked in strict mode and if the role with "FIle transfer only" activated)

SFTP codec replaced

• Swapped custom SFTP parser with russh-sftp codec as you suggested
• Added allowlist-based SFTP EXTENDED packet handling (safe/write/unknown categories)

Permission inheritance model

• Role-level defaults: upload/download toggles + advanced restrictions (allowed paths, blocked extensions, max file size)
• Target-role overrides: null = inherit from role, explicit true/false = override
• Hierarchy: Target override - Role default - System default (allow)

User role expiry

• Optional expires_at on role assignments, automatic revocation, full history tracking

PR description updated

Rewrote to be more concise with a design decisions section explaining the rationale behind each architectural choice.

Terraform provider

Companion PR: https://github.com/warp-tech/terraform-provider-warpgate/pull/18``

@Eugeny Please let me know if you think this needs more changed or updated to match the expected behavior.

Edit: I am planning to rewrite git history to make it easier to grasp as there was some changes and fixes that could have been merge. Let me know if you want me to keep it as is !

Hello @Eugeny sorry for the multiple pings, can you please check this PR ?

Sorry for taking so long - I have a large backlog and can spend very little time on it right now - it might take up to 2 weeks for me to finish a review so please hold tight

@Eugeny that is no problem at all. I just wanted to make sure that there is no blocker on mu side.
Let me know if there is any issue that I can help with !