tag 504290 + patch
retitle 504290 openssh-server: The sftp-server binary should have its own
package
kthxbye
Hi,
First a note about the retitling: I retitled the bug, because the
previous title was ambiguous and the text of the bug report clearly
talks about the SFTP server side and not client side:
Stefan Monnier monn...@iro.umontreal.ca wrote:
the /usr/lib/sftp-server binary should be moved to a separate
package. The reason for it is that it is very useful in conjunction
with other ssh servers such as dropbear.
I'd be happy if that would happen, too, because dropbear doesn't
contain an sftp-server binary and therefore all the sftp based tools
like sshfs don't work with dropbear on the server-side unless you
install (but disable) the whole openssh-server package with all its
dependencies, too.
OpenWRT for example does have a separate sftp-server package and
therefore dropbear can be easily expanded to offer sftp support.
Following a patch against openssh 1:5.5p1-3 which splits off the
sftp-server binary into its own package. Tested with openssh-server
and dropbear on the server side and OpenSSH's sftp on the client side.
diff -ruN openssh-5.5p1.orig/debian/changelog openssh-5.5p1/debian/changelog
--- openssh-5.5p1.orig/debian/changelog 2010-04-28 23:12:49.0 +0200
+++ openssh-5.5p1/debian/changelog 2010-04-29 12:00:09.0 +0200
@@ -1,3 +1,11 @@
+openssh (1:5.5p1-4) unstable; urgency=low
+
+ [ Axel Beckert ]
+ * Split sftp-server into its own package to allow it being used also by
+other SSH server implementations like dropbear. (Closes: #504290)
+
+ -- Axel Beckert a...@debian.org Thu, 29 Apr 2010 10:51:04 +0200
+
openssh (1:5.5p1-3) unstable; urgency=low
* Discard error messages while checking whether rsh, rlogin, and rcp
diff -ruN openssh-5.5p1.orig/debian/control openssh-5.5p1/debian/control
--- openssh-5.5p1.orig/debian/control 2010-04-08 10:33:14.0 +0200
+++ openssh-5.5p1/debian/control2010-04-29 12:03:17.0 +0200
@@ -44,7 +44,7 @@
Priority: optional
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (= 1.2.0) | debconf-2.0,
libpam-runtime (= 0.76-14), libpam-modules (= 0.72-9), adduser (= 3.9), dpkg
(= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (= 3.2-13),
libssl0.9.8 (= 0.9.8g-9), openssh-blacklist, procps
-Recommends: xauth, openssh-blacklist-extra
+Recommends: xauth, openssh-blacklist-extra, openssh-sftp-server
Conflicts: ssh ( 1:3.8.1p1-9), ssh-nonfree (2), ssh-socks, ssh2, sftp,
rsh-client (0.16.1-1), ssh-krb5 ( 1:4.3p2-7)
Replaces: ssh, openssh-client ( 1:3.8.1p1-11), ssh-krb5
Suggests: ssh-askpass, rssh, molly-guard, ufw
@@ -70,6 +70,31 @@
sshd replaces the insecure rshd program, which is obsolete for most
purposes.
+Package: openssh-sftp-server
+Priority: optional
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Recommends: openssh-server | ssh-server
+Conflicts: openssh-server (= 1:5.5p1-3)
+Replaces: openssh-server (= 1:5.5p1-3)
+Enhances: openssh-server, ssh-server
+Description: secure shell (SSH) sftp server module, for SFTP access from
remote machines
+ This is the portable version of OpenSSH, a free implementation of
+ the Secure Shell protocol as specified by the IETF secsh working
+ group.
+ .
+ Ssh (Secure Shell) is a program for logging into a remote machine
+ and for executing commands on a remote machine.
+ It provides secure encrypted communications between two untrusted
+ hosts over an insecure network. X11 connections and arbitrary TCP/IP
+ ports can also be forwarded over the secure channel.
+ It can be used to provide applications with a secure communication
+ channel.
+ .
+ This package provides the SFTP server module for the SSH server. It
+ is needed if you want to access your SSH server with SFTP. The SFTP
+ server module also with other SSH daemons like dropbear.
+
Package: ssh
Priority: extra
Architecture: all
diff -ruN openssh-5.5p1.orig/debian/NEWS openssh-5.5p1/debian/NEWS
--- openssh-5.5p1.orig/debian/NEWS 2010-04-10 02:09:11.0 +0200
+++ openssh-5.5p1/debian/NEWS 2010-04-29 11:52:53.0 +0200
@@ -1,3 +1,12 @@
+openssh (1:5.5p1-4) unstable; urgency=low
+
+ The sftp-server binary has been split out into its own package which is
+ only recommended by openssh-server. If you don't install recommended
+ packages by default, but need SFTP functionality on your SSH server,
+ please install also the new openssh-sftp-server package.
+
+ -- Axel Beckert a...@debian.org Thu, 29 Apr 2010 10:55:40 +0200
+
openssh (1:5.4p1-2) unstable; urgency=low
Smartcard support is now available using PKCS#11 tokens. If you were
diff -ruN openssh-5.5p1.orig/debian/openssh-server.install
openssh-5.5p1/debian/openssh-server.install
--- openssh-5.5p1.orig/debian/openssh-server.install2010-04-08
10:19:25.0 +0200
+++ openssh-5.5p1/debian/openssh-server.install 2010-04-29 10:45:50.0
+0200
@@ -1,6 +1,4 @@