Possible options that a ssh subsystem can do when client allocate pty via pty-req when its protocol doesn't expect it
jefflad at yahoo.ca
Thu Jul 9 05:00:41 AEST 2020
I have a subsystem which is intended to be directly connected to the ssh server via pipes.
Similar to stfp/scp
However if the client side allocated a pty via "pty-req" just prior to invoking the subsystem this will cause the subsystem protocol to appear to be broken do to the allocated pseudo-terminal and resulting line discipline device.
I did not find any evidence of the sftp service side code doing any validation of its stdin/stdout to confirm if they were connected to a tty device isatty().
Some of the options my subsystem could do:
1. exit the subsystem if a pty was allocated for its session. i.e SSH_TTY is set for example.
2. reconfigure the line discipline setting in order to still make the protocol still work. (ex: stty -opost). This would probably be unacceptable since the client is fully capable of doing this configuration and any re-configuration by the server may interfere which the clients configuration.
3. Are there any options in OpenSSH to "undo the pty" allocation and revert to a non-pty command ? I can use the PermitTTY=no setting, but this cannot be isolated to this subsystem.
4. do nothing and consider this a garbage in/garbage out use-case.
Furthermore, in my use-case the same ssh listening port is used for both regular shell access as well as subsystem access. Therefore in the case of regular shell access a PTY is required.
More information about the openssh-unix-dev