> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Peter Stuge
> Sent: Tuesday, October 20, 2009 10:43 AM
> To: [email protected]
> Subject: Re: quote commands in sftp
 
First, let me thank you for this lengthy and informative mail. It is very 
helpful.
 
> I understand! I think it would be helpful for you to be able 
> to work with a development system (maybe you can use 
> virtualization, so a physical machine is not required?) which 
> would allow you to work, experiment and test more freely, 
> trying various versions and packages, in order to make 
> development quicker, easier and overall better. I found 
> usermode linux (UML) very easy to use:
> http://user-mode-linux.sourceforge.net/
> 
> All that is needed is a large file accessible by your user, 
> which will be the root filesystem of the user-mode Linux 
> system. Inside the user-mode Linux system you will be root.

Ah! This is a very interesting distribution. When free, I'd like to play with 
it. 
 
> It is very important to find the corresponding documentation 
> for all packages, in order to have correct information. In 
> the source code that you used to build the static curl 
> program there should also be a directory docs/ with the man 
> page for that version, in both man, HTML and PDF format. You 
> can view the man page by running:
> 
> man docs/curl.1

Great, it works!

> A fundamentally different technology is required in order to 
> implement this functionality. curl only uses SFTP when 
> communicating with the server otherwise, but this would 
> require executing a command which the client specifies.
> 
> Sometimes it is desirable to allow SFTP access to a system, 
> but to disallow the possibility to execute arbitrary commands 
> via SSH, then this command would not work in curl, even 
> though SFTP is working.
> 
> Also there are more error sources when a command needs to be 
> executed than when the communication only uses the SFTP 
> protocol. (A shell must be configured, the path for the rm 
> program needs to be correct, what if the server is a Windows 
> system where the command is actually called deltree, or what 
> if the server is a supercomputer running neither UNIX nor 
> Windows? Etc etc.)

Got it. The quote commands curl/libcurl can interpret are limited by SFTP's 
SSH_FXP_[XXX] requests, defined in 
http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13.
 
> Good question. The only suggestion I have is to look at how 
> the SSH server presents itself when a client connects. 
> Because SSH and SFTP are very close to each other, the SFTP 
> server normally comes together with the SSH server. Using a 
> plain text TCP connection (you can use telnet, nc, or another 
> similar tool) connect to the SSH server on port 22 and see 
> what it says. Here's what my laptop responds:
> 
> $ nc localhost 22
> SSH-2.0-OpenSSH_5.2

This works for me: 
========================================
q...@durian(pts/0):~/opensrc[118]$ nc localhost 22
SSH-2.0-OpenSSH_4.3
========================================
Clearly, the SSH service is provided by OpenSSH. :-)
 
> libssh2 can also report this string if tracing is enabled, 
> and the OpenSSH client will report the server identity if you 
> run ssh with the -v parameter when connecting to a server.

This also works: 
========================================
q...@durian(pts/0):~/opensrc[121]$ ssh -v 13.198.98.190
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
========================================
The same thing.

> This suggests that you are working on an SFTP client which 
> will connect out from the printer, rather than a server on 
> the printer. I know at least two other SFTP client 
> implementations; OpenSSH's sftp, and PuTTY's psftp.

PuTTY's psftp is not implemented through libssh2. And FileZilla is doing sftp 
stuff with PuTTY's psftp. But, except for the server, does OpenSSH also have 
its own sftp client? Never heard of it. :-(
 
> No matter which client codebase you choose I would like to 
> request that you consider enabling several different types of 
> authentication in the client. In some cases simple password 
> authentication is not desirable or possible (the FreeBSD 
> default setting is to not allow the SSH password 
> authentication method, only keyboard-interactive is allowed, 
> which basically requires that a human answers security 
> questions from the server) and personally I always consider 
> public key authentication to be a big benefit, because it 
> allows a very precise permission policy to be implemented on 
> the server side.

The customer now is only interested in encrypting the ftp data in the network. 
For now, username/password authentication is enough. But, you are correct. 
Sooner or later, we will add the safer public key authentication. 
 
> > In my eyes, the second approach is simpler. What's your opinion, 
> > Peter?
> 
> It's not a simple question. There are advantages to both 
> approaches, and which way is best will depend on many things. 
> Personally I prefer to use as few components as possible to 
> accomplish a task, because it minimizes problem sources and 
> maximizes performance. But there is also a tradeoff for 
> development time. If libcurl is much simpler for you to use, 
> and it will get the job done, then it seems like a good 
> choice. I have used libcurl with great success, but that was 
> for a web connection. For SFTP I would prefer libssh2 because 
> (I think) there is greater control, and it will reduce the 
> number of overall components. Also, if there are any issues 
> with SFTP that I would need to fix to finish the project then 
> they will be in libssh2, so why not go directly to the source 
> to begin with.

The implementation through libcurl looks simpler, because it can be done 
through a series of operations like curl_easy_init(), curl_easy_setopt(), and 
curl_easy_perform(). What I need to do is only to provide a correct URL. The 
APIs are simple and straightforward. Yes, it wraps around libssh2, and poses 
more risk than to use libssh2 directly. But, I must admit my knowledge of 
libssh2 is very limited, and I don't have much confidence in handling it.
 
> > Besides libcurl, is there any other application which is using
> > libssh2 to implement SFTP transfer?
> 
> I really don't know. I haven't heard of very many. Neil was 
> working on something, and he has a data transfer issue which 
> isn't resolved yet. I think it would be fun to learn about 
> more vendors and products which are (planning on) using libssh2!

Oh, yes. I am eager to know any application implementing SFTP directly with 
libssh2. It is a chance for me to learn something. :-)

Thanks a lot,
Xu Qiang
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
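
Added example, not part of the original message and not libssh2 or curl code: a parser for the identification line that the `nc localhost 22` check above displays, following the format in RFC 4253 section 4.2. The names `ssh_ident`, `parse_ssh_ident` and `ssh_ident_supports_v2` are hypothetical, and the input in `main` is constructed from the banner quoted in the mail.

```c
#include <stdio.h>
#include <string.h>

struct ssh_ident {
    char proto[16];      /* e.g. "2.0" */
    char software[256];  /* e.g. "OpenSSH_4.3" */
    char comments[256];  /* optional text after the first space */
};

/* Parse "SSH-protoversion-softwareversion SP comments CR LF" from the bytes a
 * server sends on connect; earlier non-"SSH-" lines are skipped. 0 ok, -1 bad. */
int parse_ssh_ident(const char *buf, struct ssh_ident *out)
{
    memset(out, 0, sizeof *out);
    while (*buf) {
        size_t len = strcspn(buf, "\n");
        const char *next = buf[len] ? buf + len + 1 : buf + len;
        if (len > 0 && buf[len - 1] == '\r') len--;   /* drop the CR of CR LF */
        if (len >= 4 && len <= 253 && !memcmp(buf, "SSH-", 4)) { /* 255 max with CR LF */
            const char *p = buf + 4, *end = buf + len;
            const char *dash = memchr(p, '-', (size_t)(end - p));
            if (!dash || dash == p || (size_t)(dash - p) >= sizeof out->proto)
                return -1;
            memcpy(out->proto, p, (size_t)(dash - p));
            p = dash + 1;
            const char *sp = memchr(p, ' ', (size_t)(end - p));
            const char *sw_end = sp ? sp : end;
            if (sw_end == p) return -1;               /* empty software version */
            memcpy(out->software, p, (size_t)(sw_end - p));
            if (sp) memcpy(out->comments, sp + 1, (size_t)(end - sp - 1));
            return 0;
        }
        buf = next;
    }
    return -1;
}

/* "1.99" announces a server that speaks protocol 2 and the legacy version 1. */
int ssh_ident_supports_v2(const struct ssh_ident *id)
{
    return !strcmp(id->proto, "2.0") || !strcmp(id->proto, "1.99");
}

int main(void)
{
    struct ssh_ident id;  /* constructed input; banner text as in the mail */
    if (parse_ssh_ident("SSH-2.0-OpenSSH_4.3\r\n", &id) == 0)
        printf("%s / %s\n", id.proto, id.software);
    return 0;
}
```

The software version field is whatever the server chooses to announce, so it identifies the implementation only as far as the server is truthful about it.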
