Difference between executing a command and calling a subsystem?

Damien Miller djm at mindrot.org
Sun Jul 6 19:15:12 EST 2003


Dan Kaminsky wrote:
>>Subsystems must be pre-defined in sshd_config. They are intended more as
>>a sub-protocol extension mechanism (e.g. sftp) than as a user-visible
>>way to execute commands.
>>
>>As far as execution of commands go, there is very little difference in
>>terms of code executed between a defined subsystem and "ssh somehost
>>command"
>>  
>>
> Isn't their execution environment much more strictly defined, i.e. 

stderr isn't available and ~/.ssh/rc isn't sourced, but IIRC those are
the only differences.

> pathing issues aren't a problem like with scp, 

Only in that the SubSystem definition specifies a full path.

> and it's fair game to 
> specify _protocols_ rather than _implementations_?

The intent of subsystems is for use by protocols. So far the only two
are sftp (draft-ietf-secsh-filexfer) and F-Secure's pubkey management
protocol.

> Is the user's shell still invoked to execute subsystems?

Yes. e.g. rssh

-d
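
The point in the reply that a Subsystem definition specifies a full path can be checked against a server's configuration. The following is an added example, not part of the original post or of OpenSSH: a shell function that lists the Subsystem entries in sshd_config text and flags any whose command is not a full path. The sample config, the subsystem names and the verdict labels are constructed; `internal-sftp` is a keyword from later OpenSSH releases and is not mentioned in the post.

```shell
#!/bin/sh
# Added example: audit Subsystem entries in sshd_config text.

# list_subsystems: read sshd_config text on stdin and print one line per
# Subsystem entry as "<name> <command> <verdict>".
list_subsystems() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    tolower($1) != "subsystem" { next }    # keywords are case-insensitive
    {
        name = ($2 == "" ? "-" : $2)
        cmd  = $3
        if (cmd == "")                   { cmd = "-"; verdict = "MISSING-COMMAND" }
        else if (cmd == "internal-sftp") verdict = "in-process"
        else if (cmd ~ /^\//)            verdict = "full-path"
        else                             verdict = "NOT-FULL-PATH"
        print name, cmd, verdict
    }'
}

# sample_config: constructed sshd_config fragment used as offline input.
sample_config() {
    cat <<'EOF'
# constructed sample, not taken from the original post
PermitRootLogin no
Subsystem sftp /usr/libexec/sftp-server
subsystem backup backup-helper --daily
  Subsystem  files  internal-sftp
#Subsystem old /usr/local/bin/old-helper
Subsystem broken
EOF
}

# Prints:
#   sftp /usr/libexec/sftp-server full-path
#   backup backup-helper NOT-FULL-PATH
#   files internal-sftp in-process
#   broken - MISSING-COMMAND
sample_config | list_subsystems
```

On a real host, feed it the effective configuration, for example `list_subsystems < /etc/ssh/sshd_config`.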



