All, Just curious - is it really necessary to STAT the subsystem prior to invocation by the user? If not, would it be considered as a possible option for each subsystem in the conf?
Before I'm jumped on about changes to conf format, I'm suggesting an optional, default yes* toggle appended to the end of the existing subsystem entries, ala: (* to mimick current bahaviour) # Existing Subsystem sftp /usr/libexec/openssh/sftp-server # New - 4th entry (if present) determines whether to STAT the target Subsystem sftp sftp-server no I have a slight issue as my users are rbash 'enabled' and so cannot run sftp to the box without this change (and a relocation of sftp-server to sshd's path) - scp works of course but alas I cannot please every user... I have effectively forced it atm by //'ing out the STAT line in the source, but this requires manual building steps + patch file maintenance which I'm trying to avoid as a longer term maint. issue, patching etc. Users require ssh too, so rssh and sftp|scp-only shells and friends are not an option here, nor is any form of tunneling/port forwarding allowed (ProxyCommand helpers such as nc/connect and friends have been removed). Thanx muchly Brian -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.392 / Virus Database: 268.6.0/342 - Release Date: 17/05/2006
