Image of RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302) (Certification Press)
Image of XSLT 2.0 and XPath 2.0 Programmer's Reference (Programmer to Programmer)
Image of Linux Kernel Development (3rd Edition)
Image of Advanced Programming in the UNIX Environment, Second Edition (Addison-Wesley Professional Computing Series)

SSH2 Subsystems

SSH2 subsystems are a useful convenience feature to predefine remote commands for SSH clients to invoke easily. Subsystems provide a layer of abstraction for defining and invoking the remote commands. A subsystem need not be a separate program; it can invoke a function built into the SSH server itself.

SFTP is the most common SSH subsystem that you are going to encounter. For example on Linux distributions, the default /etc/ssh/sshd_config file defines one subsystem, This is the configuration line on Fedora 20:

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

Do not remove or comment out the above line. It is required for sftp to work.

Note that the subsystem syntax is slightly different between OpenSSH and SSH2 implementations.

# SSH version 2
subsystem-sftp       /usr/libexec/openssh/sftp-server

# OpenSSH version 2
subsystem sftp       /usr/libexec/openssh/sftp-server

Subsystems can be defined in the SSH v2 server configuration file using the following syntax.

subsystem-<name>      argument

The argument is the command which will be executed when the subsystem is requested.

$ ssh user@remote -s <name>

The argument can be a list of commands separated with a semicolon, or it could be the path to a shell script.

Alternately, you can use the syntax internal-<name< > to invoke an in-process server.

internal-<name>      argument

This may simplify configurations using ChrootDirectory to force a different filesystem root on clients. This should be used for example when the user is chrooted and does not have access to the server binary.

Comments are closed.