All,

Just curious - is it really necessary to STAT the subsystem prior to
invocation by the user? If not, would it be considered as a possible
option for each subsystem in the conf?

Before I'm jumped on about changes to conf format, I'm suggesting an
optional, default yes* toggle appended to the end of the existing
subsystem entries, ala:
(* to mimick current bahaviour)

# Existing
Subsystem sftp /usr/libexec/openssh/sftp-server

# New - 4th entry (if present) determines whether to STAT the target
Subsystem sftp sftp-server no

I have a slight issue as my users are rbash 'enabled' and so cannot run
sftp to the box without this change (and a relocation of sftp-server to
sshd's path) - scp works of course but alas I cannot please every
user... I have effectively forced it atm by //'ing out the STAT line in
the source, but this requires manual building steps + patch file
maintenance which I'm trying to avoid as a longer term maint. issue,
patching etc.

Users require ssh too, so rssh and sftp|scp-only shells and friends are
not an option here, nor is any form of tunneling/port forwarding allowed
(ProxyCommand helpers such as nc/connect and friends have been removed).

Thanx muchly
Brian



--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.392 / Virus Database: 268.6.0/342 - Release Date: 17/05/2006