Re: SSH1 authentication for SFTP

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 12/02/03

• Next message: Christian Gorecki: "Re: rsa + passwd authentification"
• Previous message: Christian Gorecki: "rsa + passwd authentification"
• In reply to: ludovic LECLERC: "SSH1 authentication for SFTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 02 Dec 2003 10:09:19 GMT

In article <773f08cd.0312011014.1d1c214e@posting.google.com>,
ludovic LECLERC <ludovic.leclerc@col.bsf.alcatel.fr> wrote:
>I would like to use sftp in SSH1 mode. It works fine using "-1" option
>but I don't understand why sftp doesn't take into account options in
>ssh_config where I put the line "Protocol 1" without any effect (only
>used by ssh ?) ?.....

I assume you're referring to OpenSSH.

Short answer: sftp doesn't read ssh_config and friends.

Longer answer:
It has to do with the way sftp is invoked between SSHv1 and SSHv2. (SFTP,
BTW, is defined in the SSH2 protocol and isn't part of SSH1.)

For SSHv2, sftp-server is invoked as a "subsystem" whereas for SSHv1 it's
exec'ed directly. You end up with sftp running something like this:
ssh -1 servername /path/to/sftp-server, or
ssh -2 servername -s sftp-server

So by the time ssh knows whether or not it's dealing with a v1 or a v2
server, it's too late to change the -s ("subsystem") flag.

There was some talk about changing ssh's flags so it had enough
information to run either run the subsystem or the executable once it
knows if it's dealing with v1 or v2. The question is: should it be
changed? SFTP isn't part of SSHv1 and it only works as a kind of hack
(it won't work, for example, if client and server have sftp-server in
different locations).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

• Next message: Christian Gorecki: "Re: rsa + passwd authentification"
• Previous message: Christian Gorecki: "rsa + passwd authentification"
• In reply to: ludovic LECLERC: "SSH1 authentication for SFTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Batch job to perform sftp transfer ... It relies on copying datasets to temporary HFS files ... I used /bin/cat with ssh so that I could transfer the data and pipe it to ... The IBM version of sftp doesn't support datasets, ... Batch job to perform sftp transfer ... (bit.listserv.ibm-main) Re: SPAM sudden increase ... up ssh for some sftp session and saw something odd... ... Dude was on a tech call with f-secure and the tech asked, "So, are you ... To which the dude replied, "Yeah, I'm ... (alt.2600) Re: SFTP is not working ... When I try to use sftp or scp2, I get a message like this: ... sftp and scp2 both actually work by running ssh in a subprocess, ... The reason the shell startup files are relevant at all, ... (comp.security.ssh) Re: Secure file transfer ... We're talking about SFTP, which is a variant how to use SSH to secure the ... FTP protocol. ... is it better to use AUTH SSL or SSH/SFTP?" ... (comp.security.misc) Re: Good sftp server? ... >SSH for OpenVMS is capable of doing text transfers. ... >colon on them unless you are using our SFTP client... ... version of the server (and is something I complained about to Multinet ... files between MacOS X and VMS, and use a directory structure on the Mac ... (comp.os.vms)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint