OpenSSH/scp ->> F-Secure SSH server Problems

Greg A. Woods woods at weird.com
Mon Mar 19 04:32:59 EST 2001


[ On Friday, March 16, 2001 at 10:23:19 (+1100), Damien Miller wrote: ]
> Subject: Re: OpenSSH/scp ->> F-Secure SSH server Problems
>
> On Thu, 15 Mar 2001, Greg A. Woods wrote:
> > 
> > Exactly!  That's why the "built-in subsystem" feature is a wart!
> > There's no way to enforce implementations to honour the registered
> > names!
> 
> So what? If people want to break their systems, then we shouldn't
> stop them. Unix provides no way to _force_ people not to rename 'rm'
> to 'ls' either and it still works pretty well - people don't do it
> because it is _stupid_ to mess with well-known names.

Strangely with SSHv1 we all learned (or already knew implicitly) how to
deal with the problems of command paths and naming (and indeed
capabilities and syntax) on SSH servers.  This was possible because
there was a direct association between the system being connected to,
and its uniqueness.

SSHv2's "built-in subsystem" introduces a new naming system, and one
that will not necessarily be in the direct control of server
administrators (but rather with software developers).  This new naming
system is infinitely harder to deal with from the user level because it
now depends on the type of server software running on the target system,
not on the former direct relationship with the server system's name
and/or address.

SSHv2's "built-in subsystem" is not just not necessary -- it's
detrimental to the successful management of users' (and programmers')
expectations!

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>      <robohack!woods>
Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>





More information about the openssh-unix-dev mailing list