SFTP bug

Darren Tucker dtucker at dtucker.net
Wed Feb 26 18:32:19 AEDT 2020


On Wed, Feb 26, 2020 at 11:29:18AM +0530, shiva kumar wrote:
> Hi,
> As OpenSSH 8.1 uses protocol 2.0 only, when I use the sftp command with
> '-1' option (which was intended to use protocol 1) it is not throwing
> any error and it is using the default protocol 2.0. Is this a bug?

Probably yes. sftp accepts the flag:
		case '1':
			sshver = 1;

and passes it through to ssh(1) as -oProtocol:
	addargs(&args, "-oProtocol %d", sshver);

which then silently ignores it in readconf.c:
	{ "protocol", oIgnore }, /* NB. silently ignored */

We should probably make it consistent with ssh and scp's handling.

Index: sftp.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp.c,v
retrieving revision 1.197
diff -u -p -r1.197 sftp.c
--- sftp.c	23 Jan 2020 07:10:22 -0000	1.197
+++ sftp.c	26 Feb 2020 07:30:50 -0000
@@ -2330,7 +2330,7 @@ main(int argc, char **argv)
 {
 	int in, out, ch, err, tmp, port = -1;
 	char *host = NULL, *user, *cp, *file2 = NULL;
-	int debug_level = 0, sshver = 2;
+	int debug_level = 0;
 	char *file1 = NULL, *sftp_server = NULL;
 	char *ssh_program = _PATH_SSH_PROGRAM, *sftp_direct = NULL;
 	const char *errstr;
@@ -2395,12 +2395,10 @@ main(int argc, char **argv)
 			debug_level++;
 			break;
 		case '1':
-			sshver = 1;
-			if (sftp_server == NULL)
-				sftp_server = _PATH_SFTP_SERVER;
+			fatal("SSH protocol v.1 is no longer supported");
 			break;
 		case '2':
-			sshver = 2;
+			/* accept silently */
 			break;
 		case 'a':
 			global_aflag = 1;
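Review bot: The case '1' arm now fails with fatal("SSH protocol v.1 is no longer supported"), but this diff only touches sftp.c option handling, so if the usage string or the sftp manual page still lists -1 as selecting protocol 1, the documentation and the behaviour will disagree; update them in the same change. Separately, the break; kept after fatal() is unreachable because fatal() does not return. It is harmless and keeps the switch uniform, but it can be dropped. For case '2', the /* accept silently */ comment could say that the flag is kept only for compatibility with existing scripts, so nobody later mistakes the empty arm for an omission.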
@@ -2505,7 +2503,6 @@ main(int argc, char **argv)
 			addargs(&args, "-l");
 			addargs(&args, "%s", user);
 		}
-		addargs(&args, "-oProtocol %d", sshver);
 
 		/* no subsystem if the server-spec contains a '/' */
 		if (sftp_server == NULL || strchr(sftp_server, '/') == NULL)
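Review bot: Dropping the addargs(&args, "-oProtocol %d", sshver) line changes the argument vector handed to ssh_program, which is a variable (initialised to _PATH_SSH_PROGRAM in the first hunk) rather than a fixed path. For the bundled ssh this is a no-op, since readconf.c ignores the keyword, but any other program substituted for it stops receiving the option. That is most likely the intended outcome; say so in the commit message so the change in the spawned command line is on record.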

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

