Difference between executing a command and calling a subsystem?
Damien Miller
djm at mindrot.org
Sun Jul 6 19:15:12 EST 2003
Dan Kaminsky wrote:
>>Subsystems must be pre-defined in sshd_config. They are intended more as
>>a sub-protocol extension mechanism (e.g. sftp) than as a user-visible
>>way to execute commands.
>>
>>As far as execution of commands go, there is very little difference in
>>terms of code executed between a defined subsystem and "ssh somehost
>>command"
>>
>>
> Isn't their execution environment much more strictly defined, i.e.
stderr isn't available and ~/.ssh/rc isn't sourced, but IIRC those are
the only differences.
> pathing issues aren't a problem like with scp,
Only in that the SubSystem definition specifies a full path.
> and it's fair game to
> specify _protocols_ rather than _implementations_?
The intent of subsystems is for use by protocols. So far the only two
are sftp (draft-ietf-secsh-filexfer) and F-Secure's pubkey management
protocol.
> Is the user's shell still invoked to execute subsystems?
Yes. e.g. rssh
-d
More information about the openssh-unix-dev
mailing list