使用命令行 SSH 调用子系统 SFTP [英] SSH invocation of a subsystem SFTP using command line
问题描述
我遇到了一个问题,我有一个 SFTP 服务器(没有 SSH shell 访问).
I am facing a problem where I have an SFTP server (with no SSH shell access).
当我从客户端机器发出 SFTP 请求时,它可以工作:
When from a client machine I do SFTP request it works:
sftp username@remote_IP
然后,如果我执行 SSH 请求,它就会挂起
Then if I do a SSH request it hangs
ssh -l username -s remote_IP sftp
但是 ssh 手册页建议
-s May be used to request invocation of a subsystem on the remote
system. Subsystems facilitate the use of SSH as a secure
transport for other applications (e.g. sftp(1)). The subsystem
is specified as the remote command.
远程服务器上的 SSH 服务器是否必须启用此功能,或者还有其他出路吗?
Does SSH server at remote server must enable this or there is some other way out for this?
添加详细日志.... 让我首先与您分享 sftp 详细模式日志,其中建议:
Adding verbose logs .... let me first share you the sftp verbose mode logs which suggests:
debug1: Authentication succeeded (publickey)
debug1: fd 5 setting O_NONBLOCK
debug2: fd 6 is O_NONBLOCK
debug2: TCP receive buffer size: 49640 B
debug1: SSH receive window size: 198560 B
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: ssh_session2_setup: id 0
debug1: Sending subsystem: sftp
debug1: channel request 0: subsystem
debug2: callback done
debug1: channel 0: open confirm rwindow 2097152 rmax 32768
debug2: Remote version: 3
debug3: Sent message fd 5 T:16 I:1
debug3: SSH_FXP_REALPATH . -> /root
sftp> pwd
现在我显示了 ssh -l username -s remote_IP sftp
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 2097152 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: subsystem request accepted on channel 0
这是它挂起的地方.
简而言之,问题是如果 SFTP 工作并在服务器上启用,ssh 会发生什么,它在远程服务器上调用子系统 sftp"?服务器端或实际上客户端需要什么才能使其工作?
The problem in short is "If SFTP works and is enabled on server what happens to ssh which is calling subsystem sftp on remote server"? What exactly is required at server end or as a matter of fact at client side to make it work?
如果我理解有误,请澄清我的基本理解.
Please clarify my basic understanding, if I have understood something wrong.
推荐答案
你希望它做什么?
它启动 SFTP 服务器.服务器等待 SFTP 请求,尤其是 SSH_FXP_INIT.它永远不会得到一个.SSH 终端 (ssh) 几乎不会发送 SFTP 数据包.
It starts the SFTP server. And the server waits for SFTP requests, particularly for the SSH_FXP_INIT. And it never gets one. The SSH terminal (ssh) will hardly send an SFTP packet.
所以它挂了.正如预期的那样.
So it hangs. As expected.
(请注意,尽管相同,SSH_FXP_INIT 是 SFTP 请求,而不是 SSH 请求.SSH_FXP 代表类似SSH file ex更改p协议")
(Note that despite the same, the SSH_FXP_INIT is an SFTP request, not an SSH request. The SSH_FXP stands for something like "SSH file exchange protocol")
您还没有真正向我们解释您的期望.
You haven't really explained us what do you expect.
让我猜猜.
您实际上认为 SFTP 是一种文本协议.您在 sftp(OpenSSH 命令行 SFTP 客户端)中键入的命令(如 rm、put 等)是真正的命令去服务器.他们不是.SFTP 是一种二进制协议.这些命令是一种特定 SFTP 客户端实现的专有命令.客户端 (OpenSSH sftp) 将这些文本命令转换为二进制 SFTP 数据包/请求并将它们发送到服务器.然后它将来自 SFTP 服务器的二进制响应转换为人类可读的文本消息.
You actually believe that the SFTP is a textual protocol. That the commands (like rm, put, etc) that you type in the sftp (OpenSSH command-line SFTP client) are real commands that go to the server. They are not. The SFTP is a binary protocol. Those commands are proprietary commands of one specific SFTP client implementation. The client (OpenSSH sftp) translates those textual commands to binary SFTP packets/requests and sends them to the server. And then it translates the binary responses from the SFTP server to human readable textual messages.
即使在理论上,这些文本命令也无法与服务器进行真正的交换.像 rm 这样的简单命令就可以.但是 put 或 get 呢?如果你做put/local/path,SFTP服务器如何访问本地文件读取?这不可以.SFTP 客户端执行此操作.
Those textual commands cannot be real exchange with the server even theoretically. Simple commands, like the rm, could. But what about the put or get? If you do put /local/path, how can the SFTP server access the local file to read it? It cannot. The SFTP client does that.
这类似于 FTP.FTP 是一种文本协议.理论上,您可以通过键入命令与 FTP 服务器通信.例如,您可以通过这种方式删除远程文件(使用 DELE/path/to/file 命令).但是您不能以这种方式上传或下载文件.这需要配合本地FTP软件.
That's similar to FTP. The FTP is a textual protocol. You can theoretically talk to the FTP server by typing the commands. You can delete remote files this way for example (using DELE /path/to/file command). But you cannot upload or download files this way. That requires cooperation with the local FTP software.
在服务器端或实际上在客户端需要什么才能使其工作?
What exactly is required at server end or as a matter of fact at client side to make it work?
您的服务器端按预期工作.但是您需要在客户端有一个实际的 SFTP 客户端.
Your server-end works as expected. But you need an actual SFTP client on the client side.
这篇关于使用命令行 SSH 调用子系统 SFTP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
