Subject: Re: [Summer of code] Proposal : a Sftp server
To: None <tech-userlevel@netbsd.org>
From: James K. Lowden <jklowden@schemamania.org>
List: tech-userlevel
Date: 06/14/2005 23:15:41
Aris Adamantiadis wrote:
> My project would be to create a sftp server, that is, a file transfer
> protocol over SSH. It would use libssh server (which has to be coded).
> The interest of doing another one sftp server is the fact that there is
> only one FOSS sftp server (namely, openssh) 

Aris, 

Every time I use sftp, I miss the features of a typical ftpd.  The most
obvious one is [tab] name-completion, because it doesn't load my shell. 
And I miss the conveniences, such as mget, of our ftp client.  

(This contrasts with the interactive experience.  Once logged in, an ssh
session is almost indistinguishable from a telnet session.  I think if
people had had to give up their beloved shells to use ssh, we'd still be
using telnet.)

I don't understand why sshd isn't just a better inetd.  IOW, why can't it
accept a connection, authenticate the user, and hand it off to the next
layer?  Why can't ftp & ftpd be taught to speak ssh, instead of replacing
them with new, feature-poor versions?  Do all things secure have to taste
like unsalted oatmeal?  

Some people would doubtless argue that handing off the connection to
arbitrary backends exposes the host machine to those programs' security
flaws.  I say it's not ssh's job to secure the host, but only to
authenticate and secure the connection.  Securing the host is what
sysadmins are paid for.  

If sshd adopted my model, there are many services just begging for a
standard, secure authentication & encryption front end.  Databases, for
one.  

You did ask for comments....

--jkl
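The "authenticate, then hand the session to the next layer" model discussed in this message, written out as an OpenSSH sshd_config fragment. This is an added configuration example for this page, not something from the original thread or from the libssh project; the group names, the chroot path under /srv/sftp and the backend program /usr/local/bin/db-shell are assumptions chosen for illustration, and the directives used (Subsystem, Match, ChrootDirectory, ForceCommand, PermitTTY) are OpenSSH ones that postdate the 2005 discussion.

```sshd_config
# Added example: sshd authenticates the user, then hands the session to a
# backend.  Nothing below is part of the original message.

# Hand-off 1: the sftp subsystem.  After authentication, a client that asks
# for "sftp" is connected to the in-process sftp server rather than a shell.
Subsystem sftp internal-sftp

# Hand-off 2: users in an assumed "sftponly" group never reach a shell at all.
# ForceCommand overrides whatever the client asked for; ChrootDirectory limits
# what the backend can see.  The chroot root must be owned by root and not be
# group- or world-writable, or sshd refuses the login.
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no

# Hand-off 3: an arbitrary backend (assumed path), run as the authenticated
# user with the session's stdin/stdout, inetd-style.  The client's original
# request is still visible to the backend in SSH_ORIGINAL_COMMAND.
Match Group dbusers
    ForceCommand /usr/local/bin/db-shell
    AllowTcpForwarding no
    PermitTTY no
```

In this arrangement sshd does only what the message asks of it, authentication and transport, and the backend runs with the authenticated user's privileges under sshd's privilege separation, so the exposure of the host is exactly the backend's own, which is why the chroot and the forwarding and tty restrictions in the Match blocks are worth keeping even when the backend is trusted.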