Hi,

I have a different behavior using sftp compared to ftp for a user with a user defined shell on a Solaris machine.

ftp rejects any user having a user defined shell.
sftp is allowing the user with user defined shell, unfortunately as the sftp client bails out saying the following message:
"Received message too long 537548147"

Is it because the user shell, outputting lot of text?

I am OK with this behaviour, if no traces of the initiated session is left behind.
But the problem for me is that the user shell is left behind running

myuser1 7015 0.1 0.1 1680 1256 ? S 12:38:03 0:00 /bin/csh /bin/my_sh -c /opt/openssh/libexec/sftp

As my_sh needs a tty and because of a bug in that, it runs in a while loop and takes up lot of cpu.

If only sftp supports only the shells returned from "getusershell" function, sftp would be consistent with ftp and my problem will be solved.
Do we have any patch for this?

I appreciate any thoughts, comments and help to solve my problem.

Thanks
Srini

There is one major difference in sftp vs ftp.

ftp uses the $SHELL as an "allow or disallow" switch. Whereas ssh actually calls the user's $SHELL to run sftp-server.

Thus if you have any garbage being displayed during a non-interactive login (Eg output if you run: ssh site.com true) it will stop sftp-server from working correctly.

- Ben

On Tue, 17 Aug 2004, Srinivas Gopaladasu wrote:

> Hi,
>
> I have a different behavior using sftp compared to ftp for a user with a
> user defined shell on a Solaris machine.
>
> ftp rejects any user having a user defined shell.
> sftp is allowing the user with user defined shell, unfortunately as the
> sftp client bails out saying the following message:
> "Received message too long 537548147"
>
> Is it because the user shell, outputting lot of text?
>
> I am OK with this behaviour, if no traces of the initiated session is
> left behind.
> But the problem for me is that the user shell is left behind running
> myuser1 7015 0.1 0.1 1680 1256 ? S 12:38:03 0:00 /bin/csh
> /bin/my_sh -c /opt/openssh/libexec/sftp
>
> As my_sh needs a tty and because of a bug in that, it runs in a while
> loop and takes up lot of cpu.
>
> If only sftp supports only the shells returned from "getusershell"
> function, sftp would be consistent with ftp and my problem will be solved.
> Do we have any patch for this?
>
> I appreciate any thoughts, comments and help to solve my problem.
>
> Thanks
> Srini

On Tue, 17 Aug 2004, Srinivas Gopaladasu wrote:

> Ben Lindstrom wrote:
>
> >There is one major difference in sftp vs ftp.
> >
> >ftp uses the $SHELL as an "allow or disallow" switch. Whereas ssh
> >actually calls the user's $SHELL to run sftp-server.
> >
> Can you provide any info, why the difference?

Because ftpd listens on 21 directly. Where sftp basically does 'ssh site.com sftp-server' (Ignoring details of subsystems to simplify stuff). Thus it talks to ssh which then runs the sftp-server program.

Same is true for scp.

> >Thus if you have any garbage being displayed during a non-interactive
> >login (Eg output if you run: ssh site.com true) it will stop sftp-server
> >from working correctly.
> >
> Any suggestion, how I can solve my problem?

As stated:

ssh site.com true

You should get like:

$ ssh site.org true
Enter passphrase for key '/private/home/mouring/.ssh/id_dsa':
$

the below depending on if you have public key setup or not.

$ ssh site.org true
Password:
$

If you get anything else you need to look at your shell startup scripts. And clean them out.

This much has already been covered in http://www.openssh.com/faq.html#2.9

- Ben

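Added example, not part of the original thread: an SFTP client reads the first four bytes it receives as a big-endian packet length, so the number in "Received message too long N" can be turned back into the bytes the shell printed, and the "ssh site.com true" test above can be automated. The function names sftp_len_to_bytes and check_silent are constructed for this example, and it assumes head -c and od are available.

```shell
#!/bin/sh
# Added example. sftp_len_to_bytes and check_silent are hypothetical helper names.

# Turn the number from "Received message too long N" back into the four
# bytes the client read as a big-endian length; non-printables become \xHH.
sftp_len_to_bytes() {
    n=$1; out=
    for s in 24 16 8 0; do
        b=$(( (n >> s) & 255 ))
        if [ "$b" -ge 33 ] && [ "$b" -le 126 ]; then
            # Printable ASCII: emit the character via its octal escape.
            out="$out$(printf "\\$(printf '%03o' "$b")")"
        else
            out="$out$(printf '\\x%02x' "$b")"
        fi
    done
    printf '%s\n' "$out"
}

# Run a command the way the thread suggests (e.g. check_silent ssh HOST true)
# and report whether anything arrived on stdout before any protocol data.
# Assumption: only stdout is examined, so stderr is discarded here.
check_silent() {
    # Keep the first four stdout bytes as decimal values in $1..$4.
    set -- $("$@" </dev/null 2>/dev/null | head -c 4 | od -An -v -tu1)
    if [ $# -eq 0 ]; then
        echo "clean"
        return 0
    fi
    if [ $# -lt 4 ]; then
        echo "noisy: $# byte(s) on stdout before the SFTP protocol starts"
        return 1
    fi
    len=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    echo "noisy: first 4 bytes parse as length $len ($(sftp_len_to_bytes "$len"))"
    return 1
}
```

For the value reported in this thread, sftp_len_to_bytes 537548147 prints \x20\x0aUs: a space, a newline and the letters "Us", which is text written by the shell rather than an SFTP packet header.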
In bash, you can check if the variable $- includes the letter i in it. If it does, then it's interactive.

If you check the man page for your shell, it should tell you how to determine if it is interactive. It is likely something similar. For example, in many shells you can check if the prompt variable is set ($PS1 in bash).

You can also check if stdout is a tty. If it is interactive, it almost certainly is, and if it is not, then it almost certainly is not. (though both are possible.)

I just noticed that you said your shell requires a tty... Why?

You said your shell was "rc"? Take a look at http://www.star.le.ac.uk/~tjg/rc/ There is also a mailing list that you can ask on for the specifics of your shell and how to tell if it is interactive.

May I ask why you have output from the shell anyway?

JP

P.S. I've cc'd the list again. :-)

On 18 Aug 2004, at 09:40, Srinivas Gopaladasu wrote:

> I am not sure how I find out if the shell is launched interactively or
> non-interactively?
>
> John Davidorff Pell wrote:
>> the shell is broken, or the user's rc files are broken. A shell
>> should not output any text if it is run as non-interactive.
>>
>> On 17 Aug 2004, at 12:46, Srinivas Gopaladasu wrote:
>>> [...]
>>> the sftp client bails out saying the following message:
>>> "Received message too long 537548147"
>>>
>>> Is it because the user shell, outputting lot of text?
>>> [...]
>>> As my_sh needs a tty and because of a bug in that, it runs in a
>>> while loop and takes up lot of cpu.
>>> [...]

--
Blood is thicker than water... and much tastier.