Improving sftp (was Re: BUG: scp -r follows symlinks)

Damien Miller djm at mindrot.org
Sun Jan 11 18:38:07 EST 2004


On Sun, 2004-01-11 at 17:22, Peter Stuge wrote:
> > If there is something you want that it doesn't have,
> > add it and send a patch!
> 
> Aye. After readline and completion it needs recursion[2] (is server push
> possible?) and resume[3] which both seem to be not quite as far along..

I'm not sure what you mean by "server push", but it is probably not
possible with the current sftp protocol, as all operations are initiated
by the client.

Recursion would be nice, someone just needs to make a patch. This is
probably the biggest thing holding sftp back from properly replacing
sftp.

> When that's done, I think anonymous access and bandwidth and transfer
> count limits is "all" that's needed for sftp to take the place of most
> FTP installations. (..that I know about, at least. :)

Anonymous access isn't the responsibility of sftp, but it is easy enough
to set up anyway.

> Also, what would be the best way to only allow users access to a certain
> subsystem and not the shell or command execution, and how to go about
> creating virtual users that should just be mapped onto some real UID?

Custom shell.

> I assume no, they shouldn't be broken out. How does everyone feel about the
> features I mention above? I'm not sure an ssh implementation should include
> all of that code..

We have no plans for bandwidth or transfer limits (I'm not sure they
belong there), but everything else is already planned. The extra code
doesn't bloat sshd, sftp-server is a separate binary and process. Ditto
the client.

-d
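
The "Custom shell." answer above, sketched as an added example (not part of the original message and not OpenSSH code): a login shell that permits only the sftp subsystem. It assumes sshd starts a subsystem as `<login shell> -c <command>`; the `SFTP_SERVER` path and the name `sftp_only_allowed` are placeholders chosen here.

```c
/* sftp-only login shell: added illustration, not OpenSSH code.
 * Assumption: sshd starts a subsystem as `<login shell> -c <command>`.
 * SFTP_SERVER is a placeholder path; match it to the Subsystem line
 * in your sshd_config. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SFTP_SERVER "/usr/libexec/sftp-server" /* placeholder path */

/* Return 1 only for the exact invocation `shell -c <allowed>`.
 * Interactive logins (argc == 1) and any other command are refused. */
int sftp_only_allowed(int argc, char *const argv[], const char *allowed)
{
    if (argc != 3)
        return 0;
    if (strcmp(argv[1], "-c") != 0)
        return 0;
    /* Exact match, not a prefix match: extra arguments or a
     * "; other-command" suffix are rejected. */
    return strcmp(argv[2], allowed) == 0;
}

int main(int argc, char *argv[])
{
    if (!sftp_only_allowed(argc, argv, SFTP_SERVER)) {
        fprintf(stderr, "This account is restricted to sftp.\n");
        return 1;
    }
    /* exec directly (no shell parsing) with an empty environment, so
     * variables such as LD_PRELOAD cannot reach the child. */
    char *const child_argv[] = { "sftp-server", NULL };
    char *const child_envp[] = { NULL };
    execve(SFTP_SERVER, child_argv, child_envp);
    perror("execve");
    return 127;
}
```

This limits what the account can execute, not which files sftp-server can reach; file access is still governed by the account's UID and permissions.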





More information about the openssh-unix-dev mailing list