SFTP with dummy shells

Ben Lindstrom mouring at etoh.eviladmin.org
Sun Feb 24 18:38:53 EST 2002

I don't like that idea.. When I set a shell to /bin/false I expect
all deamons to honor that shell.  And not to go behind my back and
execute some random command for the user.. Be it rsh, ssh, telnet, etc.

How do you implement this for sftp-server only in a sane way?  Can't
put it in the sftp-server code.  By time it hits there it is too late.
Which means you have to add a feature to the the sshd to decide if
that subsystem should honor /etc/shells or some other option to define
what is valid behavior.  In the worse case 'sftp-server' may be allowed
to run with a dummy shell /bin/splat  where 'my-home-made-BBS'
should be ran with a real shell.  And even worse..   'my-MUD' may be
allowed to run /bin/digdug but should not allow /bin/splat to be a valid
dummy shell.  So now you have to support reading multiple /etc/shells
instead of solving it in a simplier way.

I don't think it is really the subsystem's job.  Any correctly written
dummy shell can detect a '-c sftp-server' and hanlde it gracefully
(and no /bin/false is not a dummy shell, IMNSHO =).

<shrug> To go back to a really old argument.  Subsystem's sole job is to
manage services better to remove the 'is the calling server in my $PATH
and named 'foo-bar-cat'.  Nothing more.. Nothing less.  OpenSSH's sftp
client proves it is not a required functionality (from a desing view, not
from an RFC view) with the ability to do sftp over protocol 1.

Dummy shells should have enough brains to detect the subsystem request and
handle it transparently.  It is not that hard of a thing to do in most
shell script style languages.

And I don't feel it is something that needs to be handle at the sshd level
because it can be handled at a lower level just as safe.

- Ben

On 23 Feb 2002, Florin Andrei wrote:

> Guys,
> There was some discussion a while ago on this list about making SFTP
> connections for users that don't have a "valid" shell. The solution i
> saw on the list was to use sftp-server as a shell.
> Now, that's fine and it seems to work. However, i would like to provide
> SFTP access to users with arbitrary shells, no matter if the shell exits
> immediately (/bin/false) or not (some #!/usr/bin/dialog script).
> This would be a kick-ass feature! :-)
> --
> Florin Andrei
> "When the prime minister is appearing at product launches by a company
> twice found by courts to be abusing a monopoly and facing billions of
> dollars in lawsuits, you have to ask questions." - Alan Cox
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

More information about the openssh-unix-dev mailing list