OpenSSH/scp ->> F-Secure SSH server Problems

Mats Andersson mats at
Wed Mar 14 19:02:20 EST 2001


On Tue, 13 Mar 2001, Greg A. Woods wrote:
> I'm talking about the protocols, not the implementation.  In SSH-v2
> the SFTP application uses the "built-in subsystem" feature of the
> SECSH protocol.  I.e. it is not independent of SSH -- it relies on an
> inherent feature of the transport protocol.
> > > The "built-in subsystem" feature is bad design.  It has no business
> > > being directly in the transport protocol.  It is an ugly wart.

Good, since we're speaking about the protocols here, this is the only
mention of subsystems in the sftp draft I'm aware of:

When used with the Secure Shell protocol suite, this protocol is intended
to be used from the Secure Shell Connection Protocol as a subsystem, as
described in [SECSH-CONN], Section ``Starting a Shell or a Command''. The
subsystem name used with this protocol is "sftp".

As you may see this indeed does not state any dependency, it only gives a
recomendation for intended usage. You might also have noticed (since I
assume you indeed have read the drafts) that the subsystem feature is not
part of the transport protocol, it is a (very tiny, one could add) feature
in the connection protocol. You have almost surely also seen that one
argument was that a subsystem might be built into the ssh server which is
probably one good reason for having it in the spec.

Apart from this, you are of course also free to define whatever other
fancy "independent" protocols you might think of either as subsystems or
as ordinary "independent" servers running across stdio (one might note
here that there is no difference in practice as for how these should work
since both only "see" a stream to its peer).

So, what do I want to say with this? Well, people that have different
oppinions/suggestions/improvements/complaints on different implementations
in general and on the protocols in particular should at least have read
the specs (one could add thouroughly here...).



More information about the openssh-unix-dev mailing list