Subsystem sftp invoked even though forced command created
Damien Miller
djm at mindrot.org
Thu Jul 6 09:53:08 AEST 2023
On Wed, 5 Jul 2023, Damien Miller wrote:
> Some possibilities:
>
> 1. the receive.ksh script is faulty in some way that causes it to invoke
> sftp-server
> 2. some changes made by Redhat in the binaries they provided, not present
> in the OpenSSH source we release have broken forced commands.
>
> #2 could be excluded by reproducing the problem using a sshd built from
> source, without redhat's patches.
FWIW, I've rebuilt openssh-7.4 from source and attempted a sftp connection
with a ForceCommand set in sshd_config. The sftp session fails as expected:
[djm at djm ~]$ sftp -oPort=2222 ::1
Authenticated to ::1 ([::1]:2222) using "publickey".
Received message too long 1482184792
Ensure the remote shell produces no output for non-interactive sessions.
Transferred: sent 2260, received 1520 bytes, in 0.0 seconds
Bytes per second: sent 614738.3, received 413452.3
On the server side:
debug2: subsystem request for sftp by user djm
debug1: subsystem: exec() /usr/libexec/sftp-server
Starting session: forced-command (config) '/tmp/xxx' for djm from ::1 port 32870 id 0
More information about the openssh-unix-dev
mailing list