SCP in SFTP mode

James Ralston ralston at pobox.com
Mon Feb 7 07:59:51 AEDT 2022


On Fri, Feb 4, 2022 at 10:36 AM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:

> Red Hat Enterprise Linux 8 series is based on OpenSSH 8.0, which is
> rather old.
>
> Soon after OpenSSH 8.0 was published, upstream introduced a
> server-side fix for sftp, which changes the use of POSIX realpath
> (on Linux) to the OpenBSD one with various quirks:
>
> https://github.com/openssh/openssh-portable/commit/569b650f93b561c09c655f83f128e1dfffe74101
>
> If the OpenBSD realpath is in use on the server, the current master
> successfully copies directories using scp in SFTP mode. Otherwise
> problems occur.
>
> As the RHEL 8 series will definitely be in wide use for several more
> years, I kindly ask the OpenSSH upstream to consider this patch,
> which is trying to work around the server side on the client side:
>
> https://github.com/openssh/openssh-portable/pull/299
>
> It's a slightly tidied up version of the POC patch I've sent to this
> ML before.

Something else to consider: RHEL8 is still in Full Support phase:

https://access.redhat.com/support/policy/updates/errata/

While Red Hat almost never updates software packages to new versions
within the same release of RHEL, Red Hat will frequently apply
patches, so long as:

1.  The version of RHEL for which you are requesting the patch is still
    under the Full Support phase.

2.  The patch has already been accepted by upstream; that is, you are
    requesting a backport of a feature / bugfix that was officially
    added to the package after that version of RHEL shipped.

Both of these are true for RHEL8: RHEL8 is under Full Support through
2024, and the patch in question is part of the official OpenSSH
portable distribution.  The patch is also small and reasonably
self-contained.

While it would be nice if later OpenSSH sftp client versions could
work around OpenSSH sftp server versions that still use the POSIX
realpath() function instead of the OpenBSD sftp_realpath() function,
fixing the RHEL8 sftp server would be nice, too.

What I normally do in cases like this is open a polite and thorough
Bugzilla bug to request the feature/patch, then open a Red Hat support
case and refer to the Bugzilla bug.  I’ve had pretty good success over
the years getting fixes into RHEL with this approach.

