OpenSSH/scp ->> F-Secure SSH server Problems
Damien Miller
djm at mindrot.org
Wed Mar 14 08:23:56 EST 2001
On Tue, 13 Mar 2001, Greg A. Woods wrote:
> > subsystem is not feature bloat, it's like exec-command, but allows
> > a level of redirection.
>
> That's totally bogus.
>
> There are a zillion ways on most server-type platforms to do such
> indirection without having to integrate it into SSH,
Most of which are completely irrelevant to SSH.
> not to mention that
> almost all of those alternatives would then lead to total independence
> of SSH and thus total portability across all generic transport protocols.
Huh? sftp-server is totally independant of SSH - it can be (and is in
OpenSSH) a seperate binary that you could use to transfer files over
TLS or whatever else you want.
> I.e. anything add-on client/server application (eg. file transfer) that
> is simply remotely executes a server instance though an existing SSH
> connection is truly independent of SSH (and any other transport
> protocol).
>
> The "built-in subsystem" feature is bad design. It has no business
> being directly in the transport protocol. It is an ugly wart.
No, it is a robust way of specifying server systems without having to
rely on locations of binaries, etc. It does not require that the
subsystems be integrated into the server.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-dev
mailing list