[scponly] Intermittently working sftp - work-around fix
Whit Blauvelt
whit at transpect.com
Mon Jun 15 16:02:16 EDT 2009
Found a fix. If in /etc/ssh/sshd_config I change

    Subsystem sftp /usr/lib/openssh/sftp-server

to

    Subsystem sftp internal-sftp

then scponly works dependably. This of course is using a newer feature of
OpenSSH designed to support its own version of an sftp chroot.

What are the pros and cons of just using that built-in mechanism now
(described for instance at
http://blogs.techrepublic.com.com/opensource/?p=229)? In initial testing it
also works dependably. It looks like the _only_ thing it does may be sftp,
which would give an advantage to scponly if other modes are needed.

There is an advantage regarding this bug:

http://www.gossamer-threads.com/lists/openssh/bugs/46158

An attempt to log in via ssh on a scponly account gets dropped properly,
while the attempt via the OpenSSH match function hangs - that's using
internal-sftp for both.

The OpenSSH on the system that had the problem is OpenSSH_5.1p1
Debian-3ubuntu1 btw.

Best,
Whit
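
Added example, not part of the original post: a minimal sshd_config fragment for the built-in OpenSSH sftp chroot the message asks about, combining internal-sftp with a Match block. The group name "sftponly" and the path /srv/sftp/%u are assumptions chosen for illustration.

```conf
# /etc/ssh/sshd_config (fragment)

# Serve sftp from inside sshd itself. No sftp-server binary, shell or
# libraries have to exist inside the chroot for this to work.
Subsystem sftp internal-sftp

# Hypothetical group holding the restricted accounts.
Match Group sftponly
    # Hypothetical location; %u expands to the user name.
    # Every component of this path must be owned by root and must not be
    # writable by group or others, or sshd refuses the session.
    ChrootDirectory /srv/sftp/%u

    # Ignore whatever command or shell the client requests and run the
    # in-process sftp server only. This is what limits the account to
    # sftp, so scp and interactive ssh are not available to it.
    ForceCommand internal-sftp

    # Close the forwarding channels a file-transfer-only account
    # has no use for.
    AllowTcpForwarding no
    X11Forwarding no
```

Because the chroot directory itself cannot be user-writable, uploads need a subdirectory inside it that the user owns. Running `sshd -t` checks the edited file for errors before the daemon is reloaded.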