In article <20050616001100.4d625b19.jklowden@schemamania.org> you write:
>Ben Harris wrote:
>> That's precisely what the "Subsystem sftp /usr/libexec/sftp-server" in
>> sshd_config does.  If you want a better sftp server, replace it there.
>
>It is and it ain't, if I may say so.  In contrast to inetd, there's no
>general, open-ended, well defined interface between sshd and sftp-server. 

It's general in that any SSH subsystem could be implemented using it.  It's
as open-ended as the SSH subsystem model, which is to say "not very".  The
interface isn't particularly well-defined, but it hardly needs to be -- the
subsystem gets run in a trio of pipes (or, presumably, a pty if the client
asks for that) connected to the SSH "session" channel.  What it does over
this channel is up to the definition of the subsystem.

>Maybe it's just a dearth of documentation, but afaict sftp-server is
>tailor-made to fit sshd's demands.  I'm unaware of any other subsystems
>for sshd.  

sftp-server is indeed written to work with sshd, but that doesn't mean that
you can't replace it easily.

>It would be nice, I think, to write simple programs that use stdio, and
>wire them up to ssh to get authentication and encryption for free.  

Um, that's what I use SSH for all the time.  In what way is it difficult?

-- 
Ben Harris