3

Does sunSSH internal-sftp support -d option as does the equivalent in openSSH?

Basically in my /etc/ssh/sshd_config file I do:

    Match Group sftp
        ChrootDirectory %h
        ForceCommand internal-sftp -d /foo
        AllowTcpForwarding no

The above is possible on Linux, but I cannot find any documentation wrt Solaris and internal-sftp.

The reason why I assume it doesn't work is because SFTP sessions cannot log in with the above config. If I remove the parameters following internal-sftp it works.

Solaris version is 11.3. (latest and greatest)

3
  • Also, what does the output from man sshd_config tell you? Commented Jun 27, 2017 at 11:17
  • @AndrewHenle manual page for sshd_config does not talk about any configuration options for sftp-server. Commented Jun 27, 2017 at 12:05
  • Did you try looking in the Subsystem section? Commented Jun 27, 2017 at 12:13

2 Answers

3

Since you're using v11.3, you could also switch from using SunSSH to OpenSSH if you wanted.

Here's a proc taken from the Solaris 11 cheatsheet put together by Joerg:

Since Solaris 11.3 it’s possible to use OpenSSH instead of SunSSH.

    pkg install openssh
    pkg mediator -a ssh
    pkg set-mediator -I openssh ssh
1
  • Sure, this is a possible option for me. By the way: The official documentation for the Solaris 11.3 SSH implementation - including information about how to switch between sunSSH and openSSH - is here. Commented Jun 28, 2017 at 16:30
2

If it does not work, it is most probably not supported. You can simply find out from the manual page for sftp-server.

As a workaround, you can use a script that would do the cd and then start the sftp-server from the default location (needs to be copied into the chroot).

4
  • Good point. On Linux (i.e. with openSSH), the options that are accepted by internal-sftp are the same as those accepted by sftp-server. So therefore the man page for sftp-server can be used. But I wouldn't know if this applies to sunSSH as well. Probably, I guess. (In which case we can conclude that -d is not a possible option for internal-sftp.) Commented Jun 28, 2017 at 16:25
  • Why would they be different? It is the same code that is run by sftp-server and the internal-sftp (unless you installed the first from another source). Commented Jun 28, 2017 at 16:28
  • Yes, I just wasn't aware of that. :-) I have accepted your answer because it is the one which most precisely answers my immediate question (is -d option supported or not?). Thanks. However, as for the workaround I'll most likely not use what you suggest but rather switch to openSSH instead as per sleepweasel's answer. Commented Jun 28, 2017 at 16:34
  • Yes, switching to OpenSSH is a good idea unless you need something very special from sunssh. Commented Jun 28, 2017 at 16:37
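
The wrapper workaround from the second answer, written out as an added example (not part of the original answers): a script referenced by ForceCommand in place of `internal-sftp -d /foo`, which changes into the start directory and then hands over to sftp-server, ending the session on any error. The script name `sftp-start` and the sftp-server location are assumptions; `/foo` is the directory from the question.

```shell
#!/bin/sh
# Added example: ForceCommand wrapper that cds into a start directory and then
# execs sftp-server. With ChrootDirectory set, every path below is resolved
# inside the chroot, so the shell, this script, sftp-server and its libraries
# must all exist there.

SFTP_START_DIR="/foo"                       # directory from the question
SFTP_SERVER_BIN="/usr/lib/ssh/sftp-server"  # assumed location; adjust to your system

# Print a message to stderr and return failure.
fail() {
    echo "sftp-start: $*" >&2
    return 1
}

# check_start_dir DIR: accept only an absolute path to an existing directory.
check_start_dir() {
    case "$1" in
        /*) ;;
        *) fail "start directory must be absolute: $1"; return 1 ;;
    esac
    [ -d "$1" ] || { fail "not a directory: $1"; return 1; }
}

# run_in_start_dir DIR SERVER: cd into DIR, then replace this process with SERVER.
# Every failure returns non-zero, so the session ends instead of starting
# the server in some other directory.
run_in_start_dir() {
    check_start_dir "$1" || return 1
    [ -x "$2" ] || { fail "server not executable: $2"; return 1; }
    cd "$1" || { fail "cannot cd to $1"; return 1; }
    exec "$2"
}

# Start the server only when installed under the expected name
# (hypothetical: sftp-start), so the functions can be sourced and tested.
case "${0##*/}" in
    sftp-start) run_in_start_dir "$SFTP_START_DIR" "$SFTP_SERVER_BIN" || exit 1 ;;
esac
```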
