As of Sunday evening, OpenSSH has an interactive sftp client. It should be in the more recent snapshots.

It would be appreciated if you could test new client and find all the bugs :) Please also have a read of the manpage and ensure that it matches what is implemented.

I am working on fixing the ones that I know about, so please try to stay up to date with the snapshots.

Thanks,
Damien Miller

-- 
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm at mindrot.org>
| works of Shakespeare. Now, thanks to the Internet,  /
| we know this is not true.'' - Robert Wilensky UCB  / http://www.mindrot.org

On Tue, Feb 06, 2001 at 03:53:12PM +1100, Damien Miller wrote:
> As of Sunday evening, OpenSSH has an interactive sftp client. It should
> be in the more recent snapshots.

That's great Damien!

Now, how hard would it be to turn this into a non-interactive client? This would yield the functionality of scp without having to grant shell access.

Thanks,
-- 
Jos Backus
"Modularity is not a hack." -- D. J. Bernstein
josb at cncdsl.com
use Std::Disclaimer;

On Tuesday, February 06 2001, Damien Miller said:
> As of Sunday evening, OpenSSH has an interactive sftp client. It should
> be in the more recent snapshots.

Yay! One more nail in the coffin of insecure protocols :)

> It would be appreciated if you could test new client and find all the
> bugs :) Please also have a read of the manpage and ensure that it
> matches what is implemented.

Unfortunately, hitting some bugs with current CVS against sftp-server from the same CVS checkout.

If you try to change to a non-existent directory, your next command always leads to a "xfree: NULL pointer given as argument" and sftp exiting.

Trying to GET any files gives me "Couldn't close file: No Such File"

Versus the sftp-server in 2.3.0p1, the client just fails horribly, hanging at the end of an ls, and showing the same symptoms as against the current CVS sftp-server for a get. Not sure if that's expected or not :)

Jeremy

-- 
Jeremy Katz
katzj at linuxpower.org | jlkatz at eos.ncsu.edu
http://linuxpower.org | Developer, NCSU Realm Kit for Red Hat Linux
GPG fingerprint: 367E 8B6B 5E57 2BDB 972A 4D73 C83C B4E8 89FE 392D

On Tue, Feb 06, 2001 at 03:53:34PM +1100, Damien Miller wrote:
> As of Sunday evening, OpenSSH has an interactive sftp client. It should
> be in the more recent snapshots.
>
> It would be appreciated if you could test new client and find all the
> bugs :) Please also have a read of the manpage and ensure that it
> matches what is implemented.

Hmm, I just wanted to download the snapshot, but on
bass.directhit.com
I am only asked for username/password authentication for "c1hvd"...

Best regards,
lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153

On Tue, Feb 06, 2001 at 03:53:34PM +1100, Damien Miller wrote:
> As of Sunday evening, OpenSSH has an interactive sftp client. It should
> be in the more recent snapshots.
>
> It would be appreciated if you could test new client and find all the
> bugs :) Please also have a read of the manpage and ensure that it
> matches what is implemented.
>
> I am working on fixing the ones that I know about, so please try to
> stay up to date with the snapshots.

Just hit another problem. When connecting with openssh-sftp to the sftp-server the sftp-server process remains in memory after exiting the client, waiting for input.

sftp-server on i686-pc-cygwin,
sftp-client on i686-pc-cygwin and i686-pc-linux-gnu

The same does not happen when using the ssh.com sftp client.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com

Lutz Jaenicke wrote:
> Hmm, I just wanted to download the snapshot, but on
> bass.directhit.com
> I am only asked for username/password authentication for "c1hvd"...
>

hmm !?!?!,
---------------------------------
#!/bin/sh
cd `dirname $0`
pwd
cvs -d :pserver:cvs@bass.directhit.com:/cvs login
cvs -d :pserver:cvs@bass.directhit.com:/cvs co openssh_cvs
cvs -d :pserver:cvs@bass.directhit.com:/cvs logout
---------------------------------
just press enter for password

sftp as non root user -> Received message too long 1752132965

and part of log is:
-----------------------------------------
.................
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: callback start
debug: client_init id 0 arg 0
debug: Sending subsystem: sftp
debug: clientloop_set_session_ident: id 0
debug: callback done
debug: channel 0: open confirm rwindow 0 rmax 16384
debug: channel 0: chan_delete_if_full_closed2: istate 1 ostate 16
......
debug: channel 0: chan_delete_if_full_closed2: istate 1 ostate 16
debug: channel 0: rcvd adjust 32768
debug: channel 0: chan_delete_if_full_closed2: istate 1 ostate 16
......
debug: channel 0: chan_delete_if_full_closed2: istate 1 ostate 16
Received message too long 1752132965
debug: channel 0: chan_delete_if_full_closed2: istate 1 ostate 16
debug: channel 0: chan_delete_if_full_closed2: istate 1 ostate 16
debug: channel 0: read<=0 rfd 4 len 0
debug: channel 0: read failed
debug: channel 0: input open -> drain
debug: channel 0: close_read
debug: channel 0: input: no drain shortcut
debug: channel 0: ibuf empty
debug: channel 0: input drain -> closed
debug: channel 0: send eof
debug: channel 0: chan_delete_if_full_closed2: istate 8 ostate 16
......
debug: channel 0: chan_delete_if_full_closed2: istate 8 ostate 16
debug: channel 0: write failed
debug: channel 0: output open -> closed
debug: channel 0: close_write
debug: channel 0: chan_delete_if_full_closed2: istate 8 ostate 128
debug: channel 0: send close
debug: channel 0: chan_delete_if_full_closed2: istate 8 ostate 128
......
debug: channel 0: chan_delete_if_full_closed2: istate 8 ostate 128
debug: channel 0: rcvd close
debug: channel 0: chan_delete_if_full_closed2: istate 8 ostate 128
debug: channel 0: full closed2
debug: channel_free: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
......................

On Tue, 6 Feb 2001, Damien Miller wrote: Minor manpage error: --- sftp.1~ Sun Feb 4 14:20:19 2001 +++ sftp.1 Tue Feb 6 20:44:41 2001 @@ -60,8 +60,8 @@ .Xr ssh 1 . .El .Sh INTERACTIVE COMMANDS -Once in interactive mode -.Nm , +Once in interactive mode, +.Nm understands a set of commands similar to those of .Xr ftp 1 . Commands are case insensitive. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
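
Review bot: the file headers ("--- sftp.1~" and "+++ sftp.1") name an editor backup with no directory component, so whoever applies this has to guess where the file lives and which strip level to use; regenerating the diff from the top of the source tree against the original file would let it apply without hand editing. The comma move in the INTERACTIVE COMMANDS hunk itself is right: with ".Nm ," the comma is rendered after the program name instead of after "mode".
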
Yep, my fault (I was protecting other pages on the site), it should be all fixed now!
-Rob

On Tue, 6 Feb 2001, Lutz Jaenicke wrote:
> On Tue, Feb 06, 2001 at 03:53:34PM +1100, Damien Miller wrote:
> > As of Sunday evening, OpenSSH has an interactive sftp client. It should
> > be in the more recent snapshots.
> >
> > It would be appreciated if you could test new client and find all the
> > bugs :) Please also have a read of the manpage and ensure that it
> > matches what is implemented.
>
> Hmm, I just wanted to download the snapshot, but on
> bass.directhit.com
> I am only asked for username/password authentication for "c1hvd"...
>
> Best regards,
> lutz
>

On Tue, Feb 06, 2001 at 02:28:44PM -0500, Rob Hagopian wrote:
> Yep, my fault (I was protecting other pages on the site), it should be all
> fixed now!
> -Rob

Sorry, the problem is still not solved. When testing make sure to exit Netscape, as it caches authentication data and there is no other way to re-initialize than exiting.

I have switched to CVS access now.

Best regards,
Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153

Damien Miller wrote:
> On Wed, 7 Feb 2001, Roumen Petrov wrote:
>
>>> What banner? What does it say?
>>
>> Damien problem is very strange.
>> if first argument to execve is bash I receive 'home+real data' for .
>> if first argumennon root users is sh all is ok ( only real data ) .
>
> Are you sure there is nothing in /etc/profile, /etc/bashrc or ~/.bashrc
> which might be printing this? IIRC bash may source different files
> depending on what name it is called by.
>
> -d

You are right: execve executes an interactive shell (not a login shell).
I checked only /etc/profile and $HOME/.bash_profile, but my .bashrc for interactive shell prints some messages.

Damien, do you have an idea what is broken (see attached C file)?
bash only by test 3 print to stdout echo commands from $HOME/.bashrc

PROBLEM is in BASH and SSH_CLIENT env.var. !!!!!!!!!

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xx.c
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010207/375b3100/attachment.c

This is a good thing to have in a csh .cshrc .. I guess you'd do similar for those evil SV based shells :)

if ($?USER == 0 || $?prompt == 0) exit

Carl

> From: Damien Miller <djm at mindrot.org>
> To: Roumen Petrov <roumen.petrov at skalasoft.com>
> Cc: mouring at etoh.eviladmin.org, openssh-unix-dev at mindrot.org
>
> On Thu, 8 Feb 2001, Roumen Petrov wrote:
>
> > 3.)
> > My result is:
> > -----------------------------
> > Executing /.bashrc ...
> > /root/.bashrc
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> > 4.)
> > And result from 'sftp localhost' is:
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > Connecting to localhost...
> > ......
> > Received message too long 1165518179
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> > 5.)
> > info: 1165518179 = 0x45786563 = "Exec" !!!!
>
> This is what I have been trying to tell you, note that the above will
> also break r{sh,exec} based programs and sftp.
>
> Your shell initialisation should not print *anything* if your shell is
> not interactive.
>
> -d
>
> -- 
> | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
> | http://www.mindrot.org          /   distributed filesystem'' - Dan Geer
>

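
The arithmetic in point 5 of the quoted message generalizes: the sftp client reads the first four bytes from the server as a big-endian packet length, so whatever a shell startup file prints first ends up in that field. The sketch below is an added example, not code from this thread or from OpenSSH; the 256 KiB cap, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import re
import struct

MAX_MSG_LEN = 256 * 1024  # assumed sanity cap for this example

def first_length(stream: bytes) -> int:
    """Packet length as the client sees it: first 4 bytes, big-endian uint32."""
    if len(stream) < 4:
        raise ValueError("need at least 4 bytes to read a length")
    return struct.unpack(">I", stream[:4])[0]

def length_to_bytes(n: int) -> bytes:
    """Undo the read: recover the 4 bytes behind a reported length.
    The mask handles clients that print the value as a signed int."""
    return struct.pack(">I", n & 0xFFFFFFFF)

def diagnose(line: str):
    """Return (length, text) if the bogus length is printable ASCII, else None."""
    m = re.search(r"Received message too long (-?\d+)", line)
    if not m:
        return None
    n = int(m.group(1))
    raw = length_to_bytes(n)
    if all(0x20 <= b < 0x7F for b in raw):
        return n, raw.decode("ascii")
    return None

# Constructed sample: rc-file noise followed by a well-formed version packet
# (length 5, type 2 = SSH_FXP_VERSION, protocol version 3).
NOISE = b"Executing /.bashrc ...\n"
VERSION_PKT = struct.pack(">IBI", 5, 2, 3)

if __name__ == "__main__":
    for stream in (VERSION_PKT, NOISE + VERSION_PKT):
        n = first_length(stream)
        verdict = "ok" if n <= MAX_MSG_LEN else "too long"
        print(f"{n:>10} {verdict} {length_to_bytes(n)!r}")
    for err in ("Received message too long 1752132965",
                "Received message too long 1165518179"):
        print(err, "->", diagnose(err))
```

A printable result from diagnose() points at text on the server's stdout rather than at a protocol fault, which is the case both error messages in this thread fall into.
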
>> > info: 1165518179 = 0x45786563 = "Exec" !!!!
>>
>> This is what I have been trying to tell you, note that the above will
>> also break r{sh,exec} based programs and sftp.
>>
>> Your shell initialisation should not print *anything* if your shell is
>> not interactive.
>>
>I have to agree here. This goes for any shell.. csh, tcsh, bash, ksh,
>ksh93, etc..
>
>I really wish we could drop the requirement for the user's shell for
>subsystem and require the admin to build a sane {PREFIX}/etc/enviroment
>file (and let users override things in their ~/.ssh/enviroment. Because
>the subsystems can't really use the shell for anything useful. It just
>sucks off the environment variables.

Can you please go and voice that point of view on the ietf mailing list (if you haven't already done so) for SSH in reference to subsystems in general and the file-xfer draft in particular.

In case you don't know the list is at ietf-ssh at clinet.fi.

I am of the same opinion as I believe it is an implementation issue but some people were trying to say it should be advice in the draft that subsystems do it. Personally I'm dead against it, normal ftp doesn't do it so why should sftp.

Ta
-- 
Darren J Moffat

On Fri, Feb 09, 2001 at 04:52:34PM +0200, Roumen Petrov wrote:
>
> Damien Miller wrote:
>
> > On Thu, 8 Feb 2001, Roumen Petrov wrote:
>
> ...
>
> >> Received message too long 1165518179
> ...
>
> > This is what I have been trying to tell you, note that the above will
> > also break r{sh,exec} based programs and sftp.
> >
> > Your shell initialisation should not print *anything* if your shell is
> > not interactive.
>
> I found very useful my $HOME/.bashrc to print some messages !

but only for interactive shells.

if .bashrc prints messages it will break:
	rcp
	scp
	rsync
	cvs

and so on.

On Fri, Feb 09, 2001 at 04:52:34PM +0200, Roumen Petrov wrote:
> I found very useful my $HOME/.bashrc to print some messages !

try printing to stderr if you need to print.

Markus Friedl wrote:
> On Fri, Feb 09, 2001 at 04:52:34PM +0200, Roumen Petrov wrote:
>
>> Damien Miller wrote:
>>
>>> On Thu, 8 Feb 2001, Roumen Petrov wrote:
>>
>> ...
>>
>>>> Received message too long 1165518179
>>
>> ...
>>
>>> This is what I have been trying to tell you, note that the above will
>>> also break r{sh,exec} based programs and sftp.
>>>
>>> Your shell initialisation should not print *anything* if your shell is
>>> not interactive.
>>
>> I found very useful my $HOME/.bashrc to print some messages !
>
> but only for interactive shells.
>
> if .bashrc prints messages it will break:
> rcp
> scp
> rsync
> cvs
>
> and so on.

Printing some messages from $HOME/.bashrc breaks only OpenSSH utilities and not SSH.COM !!!
I might use in future ssh from ssh.com.

>On Thu, Feb 08, 2001 at 09:57:48PM -0600, mouring at etoh.eviladmin.org wrote:
>> I really wish we could drop the requirement for the user's shell for
>> subsystem
>
>no, i don't want to drop this.
>
>the shell sets umask or is used for access control, e.g. /bin/false.

Would you agree that the only reason to run the users shell is to set the umask ? Since you don't like the suggestion of using .ssh/environment (which I agree with since umask is not an environment variable). What about having the umask set in .ssh/rc ?

As for the access control I would have to say that this is an abuse of the name service getpwnam() call. This is what PAM was designed for and also what the User/Group list support in sshd is for.

Or do you have other reasons for wanting the shell to be run ?

-- 
Darren J Moffat