Non-shell accounts and scp/sftp

Damien Miller djm at mindrot.org
Tue Dec 12 13:07:34 AEDT 2023


On Mon, 11 Dec 2023, Philip Prindeville wrote:

> 
> 
> > On Dec 10, 2023, at 10:41 PM, Damien Miller <djm at mindrot.org> wrote:
> > 
> > On Fri, 8 Dec 2023, Darren Tucker wrote:
> > 
> >> On Fri, 8 Dec 2023 at 07:39, Philip Prindeville
> >> <philipp_subx at redfish-solutions.com> wrote:
> >> [...]
> >>> Problem is that if their default shell isn't sh, ash, dash, bash, zsh, etc. then things break.
> >>> Is there a workaround to allow scp/sftp to continue to work even for non-shell accounts?
> >> 
> >> sftp should work regardless of the user's shell since it is invoked as
> >> a ssh subsystem which is independent of the shell channel.
> > 
> > I'm pretty sure sshd executes subsystems using the user's configured
> > shell.
> > 
> > You should be able to use "Subsystem sftp internal-sftp" to skip the
> > shell though.
> > 
> > -d
> 
> 
> I configured the server for "Subsystem sftp sftp-internal" but still not working:
> 
> 
> pprindeville at ubuntu-ng:~/work/tnsr-pkgs$ scp -s -vvvv Makefile pprindeville2 at 172.21.12.17:/tmp/

yeah, because you're 1) using scp and not sftp and 2) using an old (OpenSSH
<9.0) version of scp that doesn't use the SFTP protocol under the hood.
That changed in OpenSSH 9.0.

> OpenSSH_8.9p1 Ubuntu-3ubuntu0.4, OpenSSL 3.0.2 15 Mar 2022
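
An added example (not part of the original message and not OpenSSH code): a small Python check for the two conditions discussed in this thread, whether the client's scp defaults to the SFTP protocol and whether the server's `Subsystem sftp` line selects the in-process `internal-sftp` server. The function names and the sample sshd_config text are constructed for illustration; the version banner is the one quoted above.

```python
import re

# Banner quoted in the thread; the sshd_config text is constructed for this example.
CLIENT_BANNER = "OpenSSH_8.9p1 Ubuntu-3ubuntu0.4, OpenSSL 3.0.2 15 Mar 2022"
SAMPLE_SSHD_CONFIG = """\
# constructed sample
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem   sftp   sftp-internal
"""

def openssh_version(banner):
    """Return (major, minor) parsed from `ssh -V` output, or None."""
    m = re.match(r"OpenSSH_(\d+)\.(\d+)", banner.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def scp_default_protocol(banner):
    """scp uses SFTP by default from OpenSSH 9.0; earlier releases default to legacy scp."""
    ver = openssh_version(banner)
    if ver is None:
        return "unknown"
    return "sftp" if ver >= (9, 0) else "legacy-scp"

def sftp_subsystem(config_text):
    """Classify the global `Subsystem sftp` line: (kind, command)."""
    for raw in config_text.splitlines():
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        keyword = fields[0].lower()          # sshd_config keywords are case-insensitive
        if keyword == "match":               # only the global section is examined
            break
        if keyword == "subsystem" and len(fields) >= 3 and fields[1] == "sftp":
            command = " ".join(fields[2:])
            # Only the exact name internal-sftp selects the in-process server;
            # anything else is run as an external command.
            kind = "in-process" if fields[2] == "internal-sftp" else "external"
            return kind, command
    return "missing", ""

if __name__ == "__main__":
    print("client scp default:", scp_default_protocol(CLIENT_BANNER))
    print("server sftp subsystem:", sftp_subsystem(SAMPLE_SSHD_CONFIG))
```
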

