Strange interaction of sftp and protocol version 1
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Mon May 21 22:29:38 EST 2001
On Mon, May 21, 2001 at 10:09:10PM +1000, Gordon Rowell wrote:
> Are both of the following statements meant to be true?
> - Subsystems must be defined for the server to support them
yes.
> - Protocol version 1 does not support subsystems
yes.
> For Linux, I need the following to enable sftp:
>
> Subsystem sftp /usr/libexec/openssh/sftp-server
yes.
> However, if I comment out/remove this line and restart sshd, I can still
> start sftp when using Protocol version 1.
yes.
> [gordonr at icedvovo]$ sftp timtam
> Connecting to timtam...
> Password:
> Request for subsystem 'sftp' failed on channel 0
> Connection closed
yes, correct.
> This is fine - no DSA key, so fallback to password, then fail as sftp is
> not enabled.
>
> [gordonr at icedvovo]$ sftp -1 timtam
> Connecting to timtam...
> Enter passphrase for RSA key 'gordonr at xxxxx':
> sftp>
>
> OK, we have an RSA key, which works and then sftp starts and works.
>
> Is this the correct behaviour?
yes.
with protocol 1 we do not use subsystems but try to execute sftp-server
with

    ssh host /path/to/sftp-server

you can do nothing to restrict this. it's just like

    ssh host date
    ssh host ls

if you remove the subsystem definition you can still use sftp with protocol v2:

    sftp -s server /path/to/sftp-server

the 'Subsystem sftp' declaration is just an additional level of
indirection: the client user does not need to know the exact location
of the sftp-server
-m
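
The point of the reply above as a config check, added here as an example that is not part of the original message or of OpenSSH: it reads an sshd_config and reports whether sftp can be requested by name and whether it can still be started as a plain command. The function name `sftp_paths`, the output fields and the sample config are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: which ways of starting sftp remain for a given sshd_config.
# Assumptions: keywords are case-insensitive, the first occurrence of a
# keyword wins, and a missing Protocol line is reported as "default"
# because the built-in default depends on the sshd version.
sftp_paths() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        { key = tolower($1) }
        key == "protocol" && !seen_proto { proto = $2; seen_proto = 1 }
        key == "subsystem" && $2 == "sftp" && !seen_sub {
            sub_path = $3; seen_sub = 1
        }
        END {
            if (!seen_proto)                   v1 = "default"
            else if (("," proto ",") ~ /,1,/)  v1 = "yes"
            else                               v1 = "no"
            printf "protocol1=%s subsystem=%s", v1, (seen_sub ? sub_path : "none")
            # Request by name: protocol 2 only, needs the Subsystem line.
            printf " by_name=%s", (seen_sub ? "yes" : "no")
            # Running sftp-server as an ordinary remote command does not
            # depend on the Subsystem line (sftp -1, or -s with a path).
            printf " by_exec=yes\n"
        }
    ' "$1"
}

# Constructed sample: the setup from the question, Subsystem line commented out.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
Protocol 2,1
#Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
sftp_paths "$tmp"
rm -f "$tmp"
```

`by_exec=yes` is printed for every config because, as the reply says, commenting out the Subsystem line does not stop a user who can run remote commands from running sftp-server directly.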