Your message dated Wed, 7 May 2025 16:33:51 +0200
with message-id <[email protected]>
and subject line Re: Bug#1006171: Acknowledgement (Make internal-sftp the
default)
has caused the Debian Bug report #1006171,
regarding Make internal-sftp the default
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1006171: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006171
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssh-server
Version: 1:8.8p1-1
Currently the standalone OpenSSH sftp-server is used as default SFTP
subsystem, set via /etc/ssh/sshd_config. This implies a dependency on
the openssh-sftp-server package and means that every SFTP connection
spawns a new external process, while sshd ships with the internal-sftp
in-process SFTP server, which perform better when dealing with many
short duration connections and simplifies the ChrootDirectory usage to
not require any manual /dev node setup.
Legacy SSH1 clients pass an exact SFTP command, hence will still depend
on openssh-sftp-server or any alternative standalone SFTP server, also
internal-sftp means that the login shell is skipped in the first place.
But the need for both are edge cases, the use of SSH1 IMO worth to be
actively discouraged, and the vast majority of OpenSSH SFTP server
admins will benefit from this change, at least to not require a config
change that is part of very most SFTP guides around the internet,
reasonably.
Forgive me if this discussion was already done, but I couldn't find it
within the Debian bug tracker at least.
Best regards,
Micha
--- End Message ---
--- Begin Message ---
I agree the reasons behind upstream default are legit and it makes sense
for Debian to follow upstream defaults as much as possible, unless there
are reasons special in Debian environments.
I am annoyed as well by the fact that sshd_config itself needs to be
edited to change the subsystem, and as well to unset AcceptEnv as I do
not want clients to pass locale variables. But this is a different issue.
--- End Message ---
