Bug#1006171: Make internal-sftp the default

To: submit@bugs.debian.org
Subject: Bug#1006171: Make internal-sftp the default
From: MichaIng <micha@dietpi.com>
Date: Sun, 20 Feb 2022 14:46:50 +0100
Message-id: <[🔎] 13ae6053-fb94-bfba-7bf3-a949d4d9bed0@dietpi.com>
Reply-to: MichaIng <micha@dietpi.com>, 1006171@bugs.debian.org


Package: openssh-server
Version: 1:8.8p1-1

Currently the standalone OpenSSH sftp-server is used as default SFTPsubsystem, set via /etc/ssh/sshd_config. This implies a dependency onthe openssh-sftp-server package and means that every SFTP connectionspawns a new external process, while sshd ships with the internal-sftpin-process SFTP server, which perform better when dealing with manyshort duration connections and simplifies the ChrootDirectory usage tonot require any manual /dev node setup.

Legacy SSH1 clients pass an exact SFTP command, hence will still dependon openssh-sftp-server or any alternative standalone SFTP server, alsointernal-sftp means that the login shell is skipped in the first place.But the need for both are edge cases, the use of SSH1 IMO worth to beactively discouraged, and the vast majority of OpenSSH SFTP serveradmins will benefit from this change, at least to not require a configchange that is part of very most SFTP guides around the internet,reasonably.

Forgive me if this discussion was already done, but I couldn't find itwithin the Debian bug tracker at least.


Best regards,

Micha

Reply to:

Follow-Ups:
- Bug#1006171: Make internal-sftp the default
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: openssh_8.8p1-1_source.changes ACCEPTED into unstable
Next by Date: Bug#1006171: Make internal-sftp the default
Previous by thread: openssh_8.8p1-1_source.changes ACCEPTED into unstable
Next by thread: Bug#1006171: Make internal-sftp the default
Index(es):
- Date
- Thread