[scponly] Intermittently working sftp - work-around fix
Kaleb Pederson
kaleb.pederson at gmail.com
Mon Jun 15 16:18:51 EDT 2009
On Mon, Jun 15, 2009 at 1:02 PM, Whit Blauvelt<whit at transpect.com> wrote:
> Found a fix. If in /etc/ssh/sshd_config I change
>
> Subsystem sftp /usr/lib/openssh/sftp-server
>
> to
>
> Subsystem sftp internal-sftp
>
> then scponly works dependably. This of course is using a newer feature of
> OpenSSH designed to support its own version of an sftp chroot.
>
> What are the pros and cons of just using that built-in mechanism now
> (described for instance at
> http://blogs.techrepublic.com.com/opensource/?p=229)? In initial testing it
> also works dependably. It looks like the _only_ thing it does may be sftp,
> which would give an advantage to scponly if other modes are needed.
If you only need chrooted sftp functionality, I'd recommend the
built-in OpenSSH approach.
I've considered it for a while and cannot come up with any reasonable
reasons why scponly would break in your scenario. I don't believe I've
changed anything in scponly that would change the behavior your
experiencing, you're welcome to try the current CVS to see if it works
for you.
Please let me know if you do.
Thanks.
--Kaleb
More information about the scponly
mailing list