gnu-arch-users

Re: [Gnu-arch-users] SFTP locations


From: Stephen J. Turnbull
Subject: Re: [Gnu-arch-users] SFTP locations
Date: Tue, 16 Sep 2003 04:03:40 +0900
User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux)

>>>>> "Jonathan" == Jonathan Walther <address@hidden> writes:

    Jonathan> That doesn't make sense then; why is ssh ignoring my
    Jonathan> instruction to use protocol 1 that I put in .ssh/config?

It probably is using Protocol 1.  Have you run with sftp/ssh -v to see
what it's actually using?  The problem is that Protocol 1 does not
provide the support that Protocol 2 does for sftp, so it requires more
trickiness, which tla doesn't do.  So you get a Protocol 1 SSH
connection, but then breakage at some later stage of the setup of the
sftp channel that is layered over the SSH connection.

    >> I wonder if the answer to Jonathan Walters's question might not
    >> be in the "command" option in the authorized_keys file; use
    >> /usr/lib/sftp-server there?  Cf sshd_config(5).

    Jonathan> Can you explain a bit more?

Basically, what happens with (interactive) sftp is that you ssh to the
remote host, and invoke a file browser, which is /usr/lib/sftp-server.
If you get a file, it sends that back over the open channel (i.e.,
sharing the control == browser connection with the data == file
transfer connection).  For this to work reliably, some magic is done
with the protocol, I suppose.  This works best in protocol 2 which has
special support for it, called a "subsystem".

In protocol 1, you have to invoke the server directly, since there is
no subsystem support.  How this works in detail, I don't know.

    Jonathan> The sshd(5) manpage describes the command option, but
    Jonathan> I'm not clear on what putting /usr/lib/sftp-server there
    Jonathan> would do?

Every ssh login would automatically turn into an sftp session.
Unfortunately, I can't say with any confidence that it would work.

I'm just guessing.  I know that "ssh -1 -s $REMOTE
/usr/lib/sftp-server" does not do anything useful for me, but there is
no error and the transport channel is apparently open.  Perhaps tla
can use it.

    Jonathan> Also, I don't have an authorized savannah key; Savannah
    Jonathan> has made my regular key authorized.

If you have a shell account, you just ssh-keygen another key, and add
it to authorized_keys with the appropriate magic for command.  If you
can't do that, then you're stuck.  And it's possible that Savannah
doesn't allow that; I believe it's possible to turn off the command
facility (or maybe it's the environment-setting facility), although I
don't know why you'd want to.


-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
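
An added example, not part of the original message and not code from tla or OpenSSH: a small Python parser for the authorized_keys options field discussed above, reporting which keys carry a forced `command`. The sample file, key material and key comments are constructed, and only protocol 2 key lines are handled.

```python
"""Report the forced command (if any) attached to each authorized_keys entry."""

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # protocol 2 key type prefixes

# Constructed sample; key material and comments are placeholders.
SAMPLE = (
    '# keys for the archive account\n'
    'command="/usr/lib/sftp-server",no-pty,no-port-forwarding '
    'ssh-rsa AAAAB3PLACEHOLDER tla-archive-key\n'
    'ssh-rsa AAAAB3PLACEHOLDER interactive-key\n'
)

def split_unquoted(text, seps, maxsplit=-1):
    """Split text on characters in seps that lie outside double quotes."""
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if in_quotes and text[i:i + 2] == '\\"':  # escaped quote stays in value
            buf.append('\\"')
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch in seps and not in_quotes and maxsplit != 0:
            parts.append("".join(buf))
            buf, maxsplit = [], maxsplit - 1
        else:
            buf.append(ch)
        i += 1
    return parts + ["".join(buf)]

def parse_key_line(line):
    """Return options, key type and comment; None for blank/comment/bad lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = {}
    if not line.startswith(KEY_TYPES):  # an options field comes first
        field, *rest = split_unquoted(line, " \t", 1)
        line = rest[0].strip() if rest else ""
        for opt in split_unquoted(field, ","):
            name, sep, value = opt.partition("=")
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                value = value[1:-1].replace('\\"', '"')
            options[name.lower()] = value if sep else True
    fields = line.split(None, 2)
    if len(fields) < 2:
        return None  # malformed: no key type and key data
    return {"options": options, "keytype": fields[0],
            "comment": fields[2] if len(fields) > 2 else ""}

def forced_commands(text):
    """Return [(key comment, forced command or None)] for every key in text."""
    entries = filter(None, map(parse_key_line, text.splitlines()))
    return [(e["comment"], e["options"].get("command")) for e in entries]
```
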



