Strange interaction of sftp and protocol version 1

Gordon Rowell gordonr at e-smith.com
Mon May 21 22:34:23 EST 2001


On Mon, May 21, 2001 at 10:27:36PM +1000, Damien Miller <djm at mindrot.org> wrote:
> [...]
> If your goal is to prevent sftp access, then delete or rename the
> sftp binary. 

No such goal, just a surprising result (to me) that allowing protocol 
version 1 enabled sftp regardless of the configuration.

Which raises the issue that the default path to subsystems is 
/usr/libexec, whereas they are installed in (under Linux at least) in
/usr/libexec/openssh 

Is that intentional or is sftp meant to work "out of the box" for V1?

> Recognise though that allowing ssh access is going to
> implicitly allow file transfer in almost all cases anyway.

Sure.

Thanks,

Gordon
--
  Gordon Rowell                         gordonr at e-smith.com
  http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
  e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada




More information about the openssh-unix-dev mailing list