[Bug 1599] New: "ForceCommand internal-sftp" not working as expected
bugzilla-daemon at bugzilla.mindrot.org
Tue May 19 06:41:14 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1599
Summary: "ForceCommand internal-sftp" not working as expected
Product: Portable OpenSSH
Version: 5.2p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: openssh-bugs at wulf.eu.org
Hello,
I tried setting up sshd for chrooted login and sftp-only access. My
/etc/ssh/sshd_config contains (among other stuff):
    Subsystem sftp /usr/lib/openssh/sftp-server
    Match User foo
        ChrootDirectory /srv/foo
        ForceCommand internal-sftp
The "Subsystem" option is set by default on debian systems.
The manual page says for "ForceCommand": Specifying a command of
“internal-sftp” will force the use of an in-process sftp server that
requires no support files when used with ChrootDirectory.
When I connect with sftp, sftp requests the subsystem 'sftp'. The
output from sshd is:
    subsystem request for sftp
    subsystem: cannot stat /usr/lib/openssh/sftp-server: No such file or directory
    subsystem request for sftp failed, subsystem not found
    Connection closed by 127.0.0.1
Setting "Subsystem sftp internal-sftp" works around the problem, but
that option is not allowed inside a Match block.
If the stat() call in session_subsystem_req succeeds, is_subsystem is
set to SUBSYSTEM_EXT; then do_exec is called, it overrides this and
sets is_subsystem = SUBSYSTEM_INT_SFTP.
I believe that calling stat() on the external program and then calling
the internal sftp handler is not intended behaviour.
Regards
Jörn Heissler
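
Added example, not part of the original report and not OpenSSH code: a small Python check that scans an sshd_config for the combination reported above, i.e. a global "Subsystem sftp" pointing at an external binary while a Match block sets both ChrootDirectory and "ForceCommand internal-sftp". The parser is a simplified assumption (no Include or quoting support, first value wins), and SAMPLE_CONFIG is constructed from the settings quoted in the report.

```python
# Added example: simplified sshd_config audit; not the project's own code.
SAMPLE_CONFIG = """\
# constructed sample mirroring the settings in the report
Subsystem sftp /usr/lib/openssh/sftp-server
Match User foo
    ChrootDirectory /srv/foo
    ForceCommand internal-sftp
"""

def parse(text):
    """Return (global_opts, match_blocks) with lower-cased keywords."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            # A Match block runs until the next Match line or end of file.
            current = {"criteria": value, "opts": {}}
            blocks.append(current)
        elif current is not None:
            current["opts"].setdefault(key, value)  # first value wins
        elif key == "subsystem":
            name_cmd = value.split(None, 1)
            cmd = name_cmd[1] if len(name_cmd) > 1 else ""
            global_opts.setdefault("subsystem:" + name_cmd[0].lower(), cmd)
        else:
            global_opts.setdefault(key, value)
    return global_opts, blocks

def find_chroot_sftp_mismatch(text):
    """List (criteria, chroot, subsystem_cmd) for each affected Match block."""
    global_opts, blocks = parse(text)
    sftp_cmd = global_opts.get("subsystem:sftp", "")
    # No sftp subsystem, or it is already the in-process server: nothing to flag.
    if not sftp_cmd or sftp_cmd.split()[0] == "internal-sftp":
        return []
    hits = []
    for block in blocks:
        opts = block["opts"]
        forced = opts.get("forcecommand", "").split()
        chroot = opts.get("chrootdirectory", "none")
        if forced[:1] == ["internal-sftp"] and chroot.lower() != "none":
            hits.append((block["criteria"], chroot, sftp_cmd))
    return hits
```

A non-empty result means the external subsystem path would be looked up for users whose session is chrooted, which is the failure shown in the sshd output above.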