Translate

Image of XSLT 2.0 and XPath 2.0 Programmer's Reference (Programmer to Programmer)
Image of Linux Kernel Development (3rd Edition)
Image of Android Wireless Application Development
Image of Beginning Google Maps API 3

SSH2 Subsystems

SSH2 subsystems are a useful convenience feature to predefine remote commands for SSH clients to invoke easily. Subsystems provide a layer of abstraction for defining and invoking the remote commands. A subsystem need not be a separate program; it can invoke a function built into the SSH server itself.

SFTP is the most common SSH subsystem that you are going to encounter. For example on Linux distributions, the default /etc/ssh/sshd_config file defines one subsystem, This is the configuration line on Fedora 20:

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server


Do not remove or comment out the above line. It is required for sftp to work.

Note that the subsystem syntax is slightly different between OpenSSH and SSH2 implementations.

# SSH version 2
subsystem-sftp       /usr/libexec/openssh/sftp-server

# OpenSSH version 2
subsystem sftp       /usr/libexec/openssh/sftp-server


Subsystems can be defined in the SSH v2 server configuration file using the following syntax.

subsystem-<name>      argument


The argument is the command which will be executed when the subsystem is requested.

$ ssh user@remote -s <name>


The argument can be a list of commands separated with a semicolon, or it could be the path to a shell script.

Alternately, you can use the syntax internal-<name< > to invoke an in-process server.

internal-<name>      argument


This may simplify configurations using ChrootDirectory to force a different filesystem root on clients. This should be used for example when the user is chrooted and does not have access to the server binary.

Comments are closed.