Re: ssh and scp access

Thu, 12 Oct 2006 17:34:33 -0700 

At 4:02 PM -0500 2006/10/12, Mike Schienle wrote:

On Oct 12, 2006, at 3:43 PM, Scot Hacker wrote:



On Oct 12, 2006, at 1:38 PM, Tim Gray wrote:


but can you have ssh without sftp and scp?


In this case, I do have ssh and scp, but not sftp.
No. Not that I know of anyway. Same port, same service. If ssh is allowed, then so is SFTP.
Clearly, I'm no expert on this, but if you turn on the ssh daemon, you don't have to turn on the sftp daemon. I think that's the situation I'm dealing with. 

From a system that allows sftp:
[EMAIL PROTECTED] ps -ax | grep -i ftp
28509 ?        S      0:01 /usr/libexec/openssh/sftp-server
25545 ?        S      0:00 /usr/libexec/openssh/sftp-server
[and several more]
[EMAIL PROTECTED] ps -ax | grep -i ssh | grep -v ftp
 9942 ?        S      7:18 /usr/sbin/sshd
32130 ?        S      7:22 /usr/sbin/sshd
[and several more]

From a system that does not allow sftp:
[EMAIL PROTECTED] ps -ef | grep -i ftp
mschienl 15900  1421  0 16:00 pts/2    00:00:00 grep -i ftp
[EMAIL PROTECTED] ps -ax | grep -i ssh | grep -v ftp
31489 ?        S      0:00 /usr/local/sbin/sshd
27864 ?        S      0:00 /usr/local/sbin/sshd
[and several more]


        sftp service is implemented as an external program.


[EMAIL PROTECTED]:~$ grep sftp /etc/sshd_config
Subsystem       sftp    /usr/libexec/sftp-server
[EMAIL PROTECTED]:~$ ls -l /usr/libexec/sftp-server
-rwxr-xr-x   1 root  wheel  40168 Aug  4 15:43 /usr/libexec/sftp-server
Note that neither sftp nor scp actually does any encryption -- they're simple file transfer tools as close as possible to the ftp & rcp command sets. They derive all their security from being run through an ssh connection. 


                                                Chris
PS-If you have ssh access, you could compile your own sftp-server, or copy one from elsewhere and probably write a per-user config file to use yours. Left as an exercise for the reader. 
--
Chris Pepper:               <http://www.reppep.com/~pepper/>
                            <http://www.reppep.com/weblog/pepper/>
Rockefeller University:     <http://www.rockefeller.edu/>

--
------------------------------------------------------------------
Have a feature request? Not sure the software's working correctly?
If so, please send mail to <[EMAIL PROTECTED]>, not to the list.
List FAQ: <http://www.barebones.com/support/lists/bbedit_talk.shtml>
List archives: <http://www.listsearch.com/BBEditTalk.lasso>
To unsubscribe, send mail to:  <[EMAIL PROTECTED]>

Reply via email to