[Bug 1258] sftp-server run although Subsystem disabled

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Nov 9 09:11:51 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1258





------- Comment #2 from dtucker at zip.com.au  2006-11-09 09:11 -------
(In reply to comment #0)
[...]
> subsystem request for sftp
> subsystem request for sftp failed, subsystem not found
> debug1: server_input_channel_req: channel 0 request exec reply 1
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req exec

This indicates that after the subsystem request fails, the client sends
a normal exec request (basically running the equivalent of "ssh server
sftp-server").

You can work around this by, e.g., removing execute permission from
sftp-server (or maybe making a "sftp" group, chgrp'ing sftp-server and
making it owner and group execute only) but be aware that this does not
stop people transferring files via other means (or even copying up
another sftp-server binary as it's just a normal user-level process and
doesn't require any privileges).
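
The sequence in the quoted log (a refused subsystem request followed by an exec request in the same session) can be flagged from sshd debug output. The following is an added example, not part of the original comment or of OpenSSH; the `sshd[PID]:` prefixes, the sample lines and the function name `find_exec_fallbacks` are assumptions made for illustration.

```python
import re

# Constructed sample: the message texts are the ones quoted in the comment;
# the "sshd[PID]:" prefixes and the second connection are made up.
SAMPLE_LOG = """\
sshd[4021]: subsystem request for sftp
sshd[4021]: subsystem request for sftp failed, subsystem not found
sshd[4021]: debug1: server_input_channel_req: channel 0 request exec reply 1
sshd[4021]: debug1: session_by_channel: session 0 channel 0
sshd[4021]: debug1: session_input_channel_req: session 0 req exec
sshd[4077]: debug1: server_input_channel_req: channel 0 request exec reply 1
sshd[4077]: debug1: session_input_channel_req: session 0 req exec
"""

# Optional syslog-style prefix ending in "sshd[PID]:", then the message.
PREFIX = re.compile(r"^(?:.*?sshd\[(\d+)\]:\s*)?(.*)$")
SUBSYS_FAIL = re.compile(r"subsystem request for (\S+) failed")
EXEC_REQ = re.compile(r"session_input_channel_req: session \d+ req exec\b")


def find_exec_fallbacks(log_text):
    """Return [(pid, subsystem)] for each sshd process in which a refused
    subsystem request was later followed by an exec request.

    This is a heuristic: these log lines do not show which command the
    exec request asked for, only that one followed the refusal.
    """
    pending = {}  # pid -> name of the subsystem that was refused
    hits = []
    for line in log_text.splitlines():
        pid, msg = PREFIX.match(line).groups()
        pid = pid or "-"  # lines without a prefix share one stream
        failed = SUBSYS_FAIL.search(msg)
        if failed:
            pending[pid] = failed.group(1)
        elif EXEC_REQ.search(msg) and pid in pending:
            hits.append((pid, pending.pop(pid)))
    return hits


if __name__ == "__main__":
    for pid, subsystem in find_exec_fallbacks(SAMPLE_LOG):
        print(f"sshd[{pid}]: exec request after refused '{subsystem}' subsystem")
```
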



