Subject: Re: [Summer of code] Proposal : a Sftp server
To: None <tech-userlevel@netbsd.org>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-userlevel
Date: 06/15/2005 22:48:42
On Jun 15, 2005, at 9:11 PM, James K. Lowden wrote:

> Ben Harris wrote:
>
>> This is a client issue, not a server issue.  ftpd no more loads your
>> shell than httpd does.
>>
>
> Thank you for the education.  Not to drift too far off topic, but now I'm
> completely baffled by why ftpd insists the user have a valid shell (item
> #3 under "User Authentication" on the ftpd man page).

Purely by convention...  But then again, this is all highly  
configurable with NetBSD's ftpd.

> It is and it ain't, if I may say so.  In contrast to inetd, there's no
> general, open-ended, well defined interface between sshd and sftp-server.
> Maybe it's just a dearth of documentation, but afaict sftp-server is
> tailor-made to fit sshd's demands.  I'm unaware of any other subsystems
> for sshd.

Just because you're unaware of them doesn't mean they don't exist or  
that you couldn't write new ones.

But, simply put, the environment provided by SSH subsystems is much  
different than that provided by inetd (the latter gives you a socket,  
the former -- and anything else like it -- does not).

> It would be nice, I think, to write simple programs that use stdio, and
> wire them up to ssh to get authentication and encryption for free.

That wouldn't quite work, unless you are working with specifically  
the BSD stdio; you need funopen() to do this.  You can't just rely on  
fdopen(), because SSH subsystems (as well as SSL/TLS) don't provide  
you with a file descriptor interface to the encrypted session.

-- thorpej
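
The funopen() approach named in the message above, as an added example that is not part of the original message or of NetBSD's code: a stdio stream layered on callbacks instead of a file descriptor. `struct session`, `MASK`, `sess_open()` and `echo_through_session()` are hypothetical names, the XOR mask is a constructed stand-in for an encrypted channel, and on Linux the example assumes fopencookie() as the counterpart of funopen().

```c
#define _GNU_SOURCE              /* Linux libc: exposes fopencookie() */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical session with no file descriptor. The XOR mask is a constructed
 * stand-in for the encrypted channel, not real cryptography. */
#define MASK 0x5a
struct session { unsigned char wire[256]; size_t len, pos; };

static long sess_write(struct session *s, const char *buf, size_t n) {
    if (n > sizeof s->wire - s->len) n = sizeof s->wire - s->len;
    for (size_t i = 0; i < n; i++) s->wire[s->len++] = (unsigned char)(buf[i] ^ MASK);
    return (long)n;
}
static long sess_read(struct session *s, char *buf, size_t n) {
    if (n > s->len - s->pos) n = s->len - s->pos;
    for (size_t i = 0; i < n; i++) buf[i] = (char)(s->wire[s->pos++] ^ MASK);
    return (long)n;              /* 0 tells stdio the stream has ended */
}

#ifdef __linux__                 /* glibc and musl: fopencookie() */
static ssize_t rd(void *c, char *b, size_t n) { return sess_read(c, b, n); }
static ssize_t wr(void *c, const char *b, size_t n) { return sess_write(c, b, n); }
static FILE *sess_open(struct session *s, const char *mode) {
    cookie_io_functions_t io = { rd, wr, NULL, NULL };
    return fopencookie(s, mode, io);
}
#else                            /* BSD stdio: funopen() */
static int rd(void *c, char *b, int n) { return (int)sess_read(c, b, (size_t)n); }
static int wr(void *c, const char *b, int n) { return (int)sess_write(c, b, (size_t)n); }
static FILE *sess_open(struct session *s, const char *mode) {
    (void)mode;                  /* funopen() infers mode from the callbacks */
    return funopen(s, rd, wr, NULL, NULL);
}
#endif

/* fprintf() a line into the session, then fgets() it back. 0 on success. */
static int echo_through_session(struct session *s, const char *msg, char *out, int outsz) {
    FILE *w = sess_open(s, "w");
    if (!w || fprintf(w, "%s\n", msg) < 0) return -1;
    if (fclose(w) != 0) return -1;   /* flush pushes the bytes through wr() */
    FILE *r = sess_open(s, "r");
    char *got = r ? fgets(out, outsz, r) : NULL;
    if (r) fclose(r);
    return got ? 0 : -1;
}
```

The program-facing side uses only fprintf() and fgets(); the masked bytes in `wire` are reachable only through the two callbacks.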