pkg / sftp

SFTP support for the go.crypto/ssh package
BSD 2-Clause "Simplified" License

How to set the error message to "This service allows sftp connections only" when logging in with ssh? #477

Closed m3ng9i closed 3 years ago

m3ng9i commented 3 years ago

I ran the example code in sftp/examples/go-sftp-server/main.go and tried to use the ssh command to log in:

ssh -p 2022 testuser@127.0.0.1

After entering the password, I got the error message:

PTY allocation request failed on channel 0
shell request failed on channel 0

How to change the message above to "This service allows sftp connections only"?

puellanivis commented 3 years ago

I think this is something that we cannot do, as these error messages are originating from the ssh client itself.

Additionally, anything that one could design would have to be implemented through the ssh package itself.

My best guess to get something actually working here, I think you would have to set up a handler for both "pty-req" and "shell" that do not fail, where the "shell" handler eventually just sends "This service allows sftp connections only." and then terminates. How to do that is quite a bit outside the scope of this project.

You might be able to use the non-example server code as a model to get started, but we wouldn’t really be able to support you, because as mentioned before, outside of scope.
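
The approach described in the comment above (handlers for "pty-req" and "shell" that do not fail, with the shell handler sending the notice and then terminating), as an added Go example that is not part of the thread or of the pkg/sftp project. It assumes a server built on golang.org/x/crypto/ssh; `sessionChannel`, `handleSessionRequest` and the `reply` callback are hypothetical names, and the logic avoids that import so it runs with the standard library alone.

```go
package main

import (
	"encoding/binary"
	"io"
)

// sessionChannel is the subset of ssh.Channel (golang.org/x/crypto/ssh) used here.
type sessionChannel interface {
	io.Writer
	SendRequest(name string, wantReply bool, payload []byte) (bool, error)
	Close() error
}

// \r\n because a client that was granted a PTY has its terminal in raw mode.
const sftpOnlyMsg = "This service allows sftp connections only.\r\n"

// subsystemName decodes the SSH string (uint32 length, then bytes) in a "subsystem" payload.
func subsystemName(p []byte) string {
	if len(p) < 4 || uint64(binary.BigEndian.Uint32(p)) != uint64(len(p)-4) {
		return ""
	}
	return string(p[4:])
}

// handleSessionRequest answers one session-channel request through reply (a hypothetical
// wrapper around req.Reply) and returns true when the caller should serve SFTP on ch.
func handleSessionRequest(ch sessionChannel, reqType string, payload []byte, reply func(ok bool) error) bool {
	switch reqType {
	case "pty-req":
		reply(true) // accept, so the client prints no PTY allocation error
	case "subsystem":
		ok := subsystemName(payload) == "sftp"
		reply(ok)
		return ok
	case "shell", "exec": // "exec" is handled the same way (assumption beyond the thread)
		reply(true) // succeed first, then explain and end the session
		io.WriteString(ch, sftpOnlyMsg)
		status := make([]byte, 4)
		binary.BigEndian.PutUint32(status, 1) // "exit-status" payload: uint32 code
		ch.SendRequest("exit-status", false, status)
		ch.Close()
	default:
		reply(false) // env, x11-req and anything else are refused
	}
	return false
}

func main() {} // wiring into the server's request loop is left to the caller
```

In a request loop over `*ssh.Request` values, pass the `ssh.Channel` as `ch` and `func(ok bool) error { return req.Reply(ok, nil) }` as `reply`.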

m3ng9i commented 3 years ago

I guess the message "This service allows sftp connections only" is not generated by the server, but by the ssh client.

I found a piece of code from openssh:

/* session.c of openssh source code, line 1646 */
if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
    error("Connection from %s: refusing non-sftp session",
        remote_id);
    printf("This service allows sftp connections only.\n");
    fflush(NULL);
    exit(1);
}

Maybe the server could send some data to the client, to let the client display: This service allows sftp connections only. I don't know how to do that.

puellanivis commented 3 years ago

The only way I would know of to print something from the server that would get displayed by the client is as mentioned, trapping pty-req and shell. Even the code here demonstrates that there is no message from the server being printed.

I’ve tried to poke around a bit and try and figure out how to trigger that condition, but I just don’t know how. But it’s definitely not anything that concerns SFTP itself, it’s at the level just before SFTP. Like I said, we’re only trapping the sftp subsystem and the package’s code only runs once that subsystem is set up, everything else? 🤷‍♀️ Not our package, unfortunately.

m3ng9i commented 3 years ago

Thanks for the reply.