bugzilla-daemon at bugzilla.mindrot.org
2011-May-04 04:24 UTC
[Bug 1899] New: Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899
Summary: Cannot disable sftp-server
Product: Portable OpenSSH
Version: 5.5p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: mail at garygolden.me
Commenting out subsystem directive has no effect.
#Subsystem sftp /usr/lib/openssh/sftp-server
sftp-server is still functional.
That's on debian squeeze.
I'm open to do more tests, but need instructions.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-04 06:10 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2011-05-04
16:10:33 EST ---
Have you SIGHUPed or restarted sshd? the config file is only read at
startup on after a HUP.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-04 06:30 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899 --- Comment #2 from Gary Golden <mail at garygolden.me> 2011-05-04 16:30:42 EST --- Yes, sure. I restart sshd on every file change. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-05 06:29 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #3 from Damien Miller <djm at mindrot.org> 2011-05-05 16:29:10
EST ---
Can't replicate. I'm pretty sure you are failing to correctly restart
sshd.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-05 07:16 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899 --- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2011-05-05 17:16:42 EST --- or editing a config other than the one the daemon is reading. This can happen if you build openssh yourself without telling it to use /etc for its configs (the default is /usr/local/etc/). -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-05 07:56 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899 --- Comment #5 from Gary Golden <mail at garygolden.me> 2011-05-05 17:56:06 EST --- Created attachment 2038 --> https://bugzilla.mindrot.org/attachment.cgi?id=2038 Debug output -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-05 07:56 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899 --- Comment #6 from Gary Golden <mail at garygolden.me> 2011-05-05 17:56:27 EST --- Here is what I did. 1. Ensured that no other sshd is running: # pgrep -fl sshd 2. Run sshd with debug output # /usr/sbin/sshd -dd Full log is attached. Few lines there is most important. debug2: load_server_config: filename /etc/ssh/sshd_config and after I initiate sftp connection: subsystem request for sftp subsystem request for sftp failed, subsystem not found but, In fact I got directory listing. Can sftp be compiled in by debian developers? -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-05 12:41 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899 --- Comment #7 from Damien Miller <djm at mindrot.org> 2011-05-05 22:41:36 EST --- The lines after the subsystem is refused are: debug1: server_input_channel_req: channel 0 request exec reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req exec It looks like the client is requesting a command execution session, i.e. executing sftp-server directly. You client looks like it is PuTTY, so it might do that implicitly. sshd is doing what you asked - refusing the subsystem but if you are going to allow shell access, there are plenty of ways to achieve exactly the same effect as it. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-05 12:52 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899 --- Comment #8 from Gary Golden <mail at garygolden.me> 2011-05-05 22:52:06 EST --- Client is filezilla, but I got your point. Indeed, it seems that client is smart enough to emulate sftp session. I removed executable bit from sftp-server binary and connection failed. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-20 00:36 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 05:32 UTC
[Bug 1899] Cannot disable sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1899
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #9 from Damien Miller <djm at mindrot.org> 2011-09-06 15:32:54
EST ---
close resolved bugs now that openssh-5.9 has been released
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- [Bug 1588] New: sftp client produces
- [Bug 1990] New: sftp segfaults when tab-completing a directory which contains umlauts
- [Bug 1835] New: sftp should fallback to sshv1 if server doesn't support sshv2
- [Bug 1555] New: add hard link and attribute extensions to sftp-server
- [Bug 1687] New: scp/sftp is not working when using key based (authorized_keys2) authentication