OpenSSH/scp ->> F-Secure SSH server Problems

Damien Miller djm at mindrot.org
Wed Mar 14 08:23:56 EST 2001


On Tue, 13 Mar 2001, Greg A. Woods wrote:

> > subsystem is not feature bloat, it's like exec-command, but allows
> > a level of redirection.
>
> That's totally bogus.
>
> There are a zillion ways on most server-type platforms to do such
> indirection without having to integrate it into SSH,

Most of which are completely irrelevant to SSH.

> not to mention that
> almost all of those alternatives would then lead to total independence
> of SSH and thus total portability across all generic transport protocols.

Huh? sftp-server is totally independant of SSH - it can be (and is in
OpenSSH) a seperate binary that you could use to transfer files over
TLS or whatever else you want.

> I.e. anything add-on client/server application (eg. file transfer) that
> is simply remotely executes a server instance though an existing SSH
> connection is truly independent of SSH (and any other transport
> protocol).
>
> The "built-in subsystem" feature is bad design.  It has no business
> being directly in the transport protocol.  It is an ugly wart.

No, it is a robust way of specifying server systems without having to
rely on locations of binaries, etc. It does not require that the
subsystems be integrated into the server.

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer






More information about the openssh-unix-dev mailing list