
Bug#1006171: Make internal-sftp the default



On Sun, Feb 20, 2022 at 02:46:50PM +0100, MichaIng wrote:
> Currently the standalone OpenSSH sftp-server is used as default SFTP
> subsystem, set via /etc/ssh/sshd_config. This implies a dependency on the
> openssh-sftp-server package and means that every SFTP connection spawns a
> new external process, while sshd ships with the internal-sftp in-process
> SFTP server, which performs better when dealing with many short duration
> connections and simplifies the ChrootDirectory usage to not require any
> manual /dev node setup.
> 
> Legacy SSH1 clients pass an exact SFTP command, hence will still depend on
> openssh-sftp-server or any alternative standalone SFTP server, also
> internal-sftp means that the login shell is skipped in the first place. But
> the needs for both are edge cases, the use of SSH1 is IMO worth actively
> discouraging, and the vast majority of OpenSSH SFTP server admins will
> benefit from this change, at least by not requiring a config change that is
> part of most SFTP guides around the internet, reasonably.

I haven't done this mainly because if the default is to be changed it
should be changed upstream; they're better placed to be aware of corner
cases that might cause regressions if changing the default.  I'd
encourage you to file this on https://bugzilla.mindrot.org/ instead.

(SSH 1 is not an issue, since the code to support it has been removed
from the server anyway, so you should probably omit that part from your
upstream report.)

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]
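
The setting under discussion can be checked on an existing host. The script below is an added example, not part of this thread or of the openssh package: it reports which SFTP subsystem an sshd_config selects and lists chroots that would still need the manual setup the report mentions. The group name `sftponly`, the `/srv/sftp/%u` path and both sample files are constructed; it assumes one `Keyword value` directive per line and does not follow Include files.

```shell
#!/bin/sh
# Print "internal", "external <path>" or "none" for the first Subsystem sftp line.
sftp_subsystem() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "subsystem" && $2 == "sftp" {
            if ($3 == "internal-sftp") print "internal"
            else print "external " $3
            found = 1; exit
        }
        END { if (!found) print "none" }' "$1"
}

# Print ChrootDirectory values that are served neither by an internal-sftp
# subsystem nor by "ForceCommand internal-sftp" in the same block.
chroot_needing_setup() {
    if [ "$(sftp_subsystem "$1")" = internal ]; then return 0; fi
    awk '
        function report() { if (dir != "" && !forced) print dir }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { report(); dir = ""; forced = 0; next }
        tolower($1) == "chrootdirectory" && tolower($2) != "none" { dir = $2 }
        tolower($1) == "forcecommand" && $2 == "internal-sftp" { forced = 1 }
        END { report() }' "$1"
}

# Constructed sample configurations (hypothetical group and paths).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/external.conf" <<'EOF'
# standalone sftp-server as the subsystem (path as packaged by Debian)
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
EOF
cat > "$SAMPLES/internal.conf" <<'EOF'
# the change requested in the bug report
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
EOF

for f in "$SAMPLES"/*.conf; do
    echo "$f: $(sftp_subsystem "$f"); chroots needing setup: $(chroot_needing_setup "$f")"
done
```

Point the two functions at `/etc/ssh/sshd_config` to check a real host.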

