On Sun, Feb 20, 2022 at 02:46:50PM +0100, MichaIng wrote:
> Currently the standalone OpenSSH sftp-server is used as default SFTP
> subsystem, set via /etc/ssh/sshd_config. This implies a dependency on the
> openssh-sftp-server package and means that every SFTP connection spawns a
> new external process, while sshd ships with the internal-sftp in-process
> SFTP server, which performs better when dealing with many short duration
> connections and simplifies the ChrootDirectory usage to not require any
> manual /dev node setup.
>
> Legacy SSH1 clients pass an exact SFTP command, hence will still depend on
> openssh-sftp-server or any alternative standalone SFTP server, also
> internal-sftp means that the login shell is skipped in the first place. But
> the need for both are edge cases, the use of SSH1 IMO worth to be actively
> discouraged, and the vast majority of OpenSSH SFTP server admins will
> benefit from this change, at least to not require a config change that is
> part of very most SFTP guides around the internet, reasonably.

I haven't done this mainly because if the default is to be changed it should be changed upstream; they're better placed to be aware of corner cases that might cause regressions if changing the default. I'd encourage you to file this on https://bugzilla.mindrot.org/ instead.

(SSH 1 is not an issue, since the code to support it has been removed from the server anyway, so you should probably omit that part from your upstream report.)

-- 
Colin Watson (he/him) [[email protected]]
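For readers who want to see which of the two SFTP servers discussed above a given sshd_config selects, here is an added example that is not part of the thread or of the OpenSSH or Debian packaging. It assumes the first `Subsystem sftp` line is the one that matters and does not follow `Include` files; the function names, the `sftponly` group and `/path/to/sftp-server` are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumptions: the first "Subsystem sftp"
# line is the one reported, and Include'd files are not followed.

# Print "internal", "external <command>", or "none" for the sshd_config in $1.
sftp_subsystem_mode() {
    awk '
        /^[[:space:]]*#/ { next }    # skip comment lines
        # Keywords are case-insensitive; the subsystem name is matched exactly.
        tolower($1) == "subsystem" && $2 == "sftp" {
            found = 1
            if ($3 == "internal-sftp") { print "internal"; exit }
            cmd = $3
            for (i = 4; i <= NF; i++) cmd = cmd " " $i
            print "external " cmd
            exit
        }
        END { if (!found) print "none" }
    ' "$1"
}

# Succeed if a ChrootDirectory other than "none" is set, globally or in a Match block.
uses_chroot() {
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "chrootdirectory" && $2 != "none" { hit = 1 }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# Flag the combination the quoted message describes: an external SFTP server
# used together with ChrootDirectory, which needs manual /dev node setup.
audit_sftp() {
    mode=$(sftp_subsystem_mode "$1")
    case "$mode" in
        external*) if uses_chroot "$1"; then echo "review: $mode with ChrootDirectory"
                   else echo "ok: $mode"; fi ;;
        *)         echo "ok: $mode" ;;
    esac
}

# Constructed sample config; /path/to/sftp-server is a placeholder path.
sample=$(mktemp)
printf '%s\n' '# sample' 'subsystem sftp /path/to/sftp-server -l INFO' \
    'Match Group sftponly' '    ChrootDirectory /srv/sftp/%u' > "$sample"
audit_sftp "$sample"
rm -f "$sample"
```
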

