OpenSSH/scp ->> F-Secure SSH server Problems

Andrew Bartlett abartlet at pcug.org.au
Wed Mar 14 07:48:10 EST 2001


"Greg A. Woods" wrote:
> 
> [ On Monday, March 12, 2001 at 22:24:32 (+0100), Markus Friedl wrote: ]
> > Subject: Re: OpenSSH/scp ->> F-Secure SSH server Problems
> >
> > On Sun, Mar 11, 2001 at 10:10:41PM -0500, Greg A. Woods wrote:
> > > My guess is this is just an excuse to use the "built-in subsystem"
> > > feature bloat in the secsh protocol.
> >
> > subsystem is not feature bloat, it's like exec-command, but allows
> > a level of redirection.
> 
> That's totally bogus.
> 
> There are a zillion ways on most server-type platforms to do such
> indirection without having to integrate it into SSH, not to mention that
> almost all of those alternatives would then lead to total independence
> of SSH and thus total portability across all generic transport protocols.
> 
> I.e. any add-on client/server application (e.g. file transfer) that
> simply remotely executes a server instance through an existing SSH
> connection is truly independent of SSH (and any other transport
> protocol).
> 
> The "built-in subsystem" feature is bad design.  It has no business
> being directly in the transport protocol.  It is an ugly wart.

I think it is a very elegant design.  It costs about 30 lines of very
easy to read code.  All it does is execute commands, and allows the
sys-admin control over what commands are provided.

As has been stated elsewhere, sftp is as portable as a standard output
stream:  It's executable by anybody and does not rely on SSH, it just
happens to be bundled with OpenSSH for convenience.

> 
> > > In this case (i.e. in the case of wanting to "ftp" over SSH) the issue
> > > is with the stupid user interface.  Naive users are looking for some SSH
> > > file copying tool that works just like their FTP clients, i.e. where
> > > they can see a list of files on the server and click/drag/whatever them
> > > to effect the copy.
> >
> > have you ever tried the vandyke.com sftp-client?
> 
> I have no idea what that might even be.  I do not ever use any platforms
> that Van Dyke Tech.'s current software offerings might run on (well not
> without duress, and then only as dumb terminals).
> 
> --
>                                                         Greg A. Woods
> 
> +1 416 218-0098      VE3TCP      <gwoods at acm.org>      <robohack!woods>
> Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>

-- 
Andrew Bartlett
abartlet at pcug.org.au
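
Added example, not part of the original message and not OpenSSH's code: a simplified Python model of the indirection discussed in this thread, where a "subsystem" request carries only a name that the server maps to a command through its `Subsystem` configuration lines, while an "exec" request carries the command itself. The sample config, its paths, and the function names `load_subsystems` and `resolve_request` are assumptions made for illustration.

```python
import shlex

# Constructed sshd_config fragment; the paths are illustrative only.
SAMPLE_CONFIG = """\
# file transfer
Subsystem sftp /usr/libexec/sftp-server
subsystem backup /usr/local/sbin/backup-agent --read-only
Port 22
"""


def load_subsystems(config_text):
    """Return {name: argv} for every Subsystem line in an sshd_config text."""
    table = {}
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = shlex.split(raw, comments=True)
        # Keywords are case-insensitive; skip everything that is not Subsystem.
        if not words or words[0].lower() != "subsystem":
            continue
        if len(words) < 3:
            raise ValueError(f"line {lineno}: Subsystem needs a name and a command")
        name, argv = words[1], words[2:]
        if name in table:
            # This model refuses a second definition of the same name.
            raise ValueError(f"line {lineno}: subsystem {name!r} already defined")
        table[name] = argv
    return table


def resolve_request(kind, payload, subsystems):
    """Map a session channel request to the argv this model would run.

    "exec": the client supplies the command line itself.
    "subsystem": the client supplies only a name; the admin's table decides
    what runs, and a name outside the table is refused (None).
    Simplification: a real server hands the command string to the user's
    shell instead of splitting it into argv itself.
    """
    if kind == "exec":
        return shlex.split(payload)
    if kind == "subsystem":
        return subsystems.get(payload)
    raise ValueError(f"unsupported request type: {kind}")
```

With the table loaded from `SAMPLE_CONFIG`, a subsystem request for `sftp` resolves to the admin's configured path, while a subsystem request naming anything not in the table resolves to nothing.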




