Enhance sftp protocol: get SHA hash of file

Ben Lindstrom mouring at offwriting.org
Thu Jun 30 00:00:18 EST 2011

However, sftp doesn't link to crypto libraries by default.  =-) 

A few years back I hacked in a simple "sumslist at eviladmin.org" protocol
based on the block size that sftp set for it's window, but instead of SHA1
I was using MD5 at the time.  You could simply request a single block
or loop through and request a list of blocks.

The server side code is dead simple and following the tradition of the
rest of sftp-server code be rather unintelligent and very very simple 
(read:  if you wanted a block list the client had to loop through the local
file with the current window size and request an MD5 check some 
per block).

It was under 400 lines so it isn't that complex.  It didn't support any cool
features like sliding windows, etc.  But that complexity could be
implemented on the client side.  It was more a proof of concept than a
real implementation (the implementation sucks rocks and I know there
are bugs in it).

I abandoned it for some reason.  I really wish I knew why.  I suspect it
had to do with the cost of doing the checksum list was approaching
the cost of actually downloading the file in the method I choice to
implement it.

- Ben

On Jun 29, 2011, at 6:05 AM, Dan Kaminsky wrote:

> I could see various uses of this, and its not like OpenSSH doesn't already
> have sha1 built in.  It could also be hacked in via a command line channel,
> seeking sha1sum or a perl oneliner.
> On Wed, Jun 29, 2011 at 3:57 AM, Thomas Güttler
> <guettli at thomas-guettler.de>wrote:
>> Hi,
>> it would be great, if the sftp protocol could be
>> enhanced: get sha (or other hash value) from a file or part of a file.
>> This would make it possible to run a rsync like file transfer
>> on sftp.
>> I would suggest a protocol like this
>> Client sends to Server:
>> get-supported hash-methods
>> returns whitespace seperated list like md5 sha1 sha256 ....
>> returns: hexlified hash value (all lowercase)
>> To get the hash value of the whole file: STARTOFFSET=0 and BYTECOUNT=0
>> Anyone interested?
>> Thomas Güttler
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

More information about the openssh-unix-dev mailing list