Issues with SFTP

Dan Kaminsky dan at doxpara.com
Wed Jan 30 22:04:54 EST 2002


> > (Interestingly enough, there is no s* equivalent to rexec.  I'm not sure
> > if that's right or so very wrong.)
>
> probably because there is no rexec client command, and
> because rexec is too broken.

Awww.  My explanation is much more fun, though yours is probably correct.

===

> you can hack ssh to keep the authenticated connection open and send
> several commands over the authenticated connection. it's all in the
> protocol (v2), our server allows this.

I have this nagging suspicion that connection caching is possible even with
SSH1, but I'm still working on finding something that works.  The biggest
engineering hurdle is connecting new ssh invocations to an old session; that
requires some actual ugliness (the subclients need to skip most SSH
authentication, and the genuine client needs to export a link to either the
SSH2 channel interface or a forwarded sh).  We might be able to piggyback on
some of the agent code.

The usability problem with scp vs. ftp isn't just that authentication isn't
cached.  It's that nothing is -- present working directory, transfer modes,
hell, we have to continually retype ssh or scp for each command.  It was
enough of a problem that sftp was born.

--Dan





More information about the openssh-unix-dev mailing list