From owner-freebsd-security Sun Sep 3 15:42: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from stud.alakhawayn.ma (stud.alakhawayn.ma [193.194.63.94])
	by hub.freebsd.org (Postfix) with ESMTP id 1940237B424
	for ; Sun, 3 Sep 2000 15:41:59 -0700 (PDT)
Received: from localhost (961BE653994@localhost)
	by stud.alakhawayn.ma (8.9.0/8.9.0) with SMTP id WAA05657;
	Sun, 3 Sep 2000 22:37:03 GMT
Date: Sun, 3 Sep 2000 22:37:03 +0000 (GMT)
From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
To: Peter Pentchev
Cc: CrazZzy Slash , freebsd-security@FreeBSD.ORG
Subject: Re: Ssh2, sftp port Numbers continue.....
In-Reply-To: <20000904012407.B61559@ringwraith.office1.bg>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dear Sir,

I thank you for this long and valuable explanation. It helped me a lot.

Thank you very much
Ali.

On Mon, 4 Sep 2000, Peter Pentchev wrote:

> On Sun, Sep 03, 2000 at 10:08:49PM +0000, Ali Alaoui El Hassani wrote:
> > Dear All,
> >
> > My wonder is that since sftp and ssh use the same port number 22.
> >
> > So how do they get dispatched at the level of tcp to the receiving
> > applications sftp and ssh of remote host?
> >
>
> Please read again what I wrote before :)
>
> I wrote that sftp executes the SSH client - thereby the SSH server
> is executed on the remote side. sftp passes a command to execute
> to the client, which passes it to the server - and the remote sshd
> executes the sftp server.
>
> - you invoke sftp hostname;
> - sftp invokes ssh hostname /path/to/sftpserv;
> - ssh establishes an SSH connection to hostname;
> - sshd at hostname is executed;
> - ssh (local) asks you for a password;
> - sshd (remote) verifies and acknowledges the password;
> - ssh (local) asks sshd (remote) to execute /path/to/sftpserv;
> - sshd (remote) executes sftpserv;
> - sftp (local) talks to ssh (local), which relays to sshd (remote),
>   which is actually already overlaid by sftpserv (remote);
> - you have an sftp (local) to sftpserv (remote) connection.
>
> As you can see, this requires an sshd on the remote side to verify
> your password/rhosts/shosts/identity-file, and allow you to execute
> the sftpserv on the remote side. There is no sftpserv service per se,
> it is just a program that sshd executes.
>
> Maybe what you are missing is that you can use SSH to execute just one
> program on the remote side, rsh style, without actually allocating
> a virtual terminal, starting a shell, running startup scripts and such.
> Just try:
>
>     ssh someuser@somehostname /usr/bin/w
>
> ssh connects to sshd, sshd executes /usr/bin/w, w shows some output
> and the connection is closed.
>
> This is exactly the case with sftpserv, only sftpserv does not 'show some
> output' and die, rather it communicates with the sftp client at your side
> to let you transfer files any way you want to.
>
> Sorry for the long explanation, hope it helped a bit :)
>
> G'luck,
> Peter
>
> --
> This sentence every third, but it still comprehensible.
>
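
Added example, not part of the original message and not code from ssh or sftp: a small offline shell model of the flow Peter describes, in which a single sshd entry point authenticates the client and then hands the channel to whichever program was requested. Every stub_* function, the request names (LIST, GET, QUIT) and the sample credential are hypothetical stand-ins constructed for illustration.

```sh
#!/bin/sh
# Constructed model of the flow in the message above. Every stub_* function is
# a hypothetical stand-in; none of this is real ssh, sshd or sftp code.
SECRET=constructed-password   # constructed sample credential

# Remote helper ("sftpserv" in the message): stays alive and answers requests
# arriving on stdin until the client quits. The request names are made up.
stub_sftpserv() {
    while IFS= read -r req; do
        case "$req" in
            LIST)    echo "OK notes.txt report.txt" ;;
            "GET "*) echo "OK contents-of-${req#GET }" ;;
            QUIT)    echo "BYE"; return 0 ;;
            *)       echo "ERR unknown request" ;;
        esac
    done
}

# One-shot remote program, like /usr/bin/w: print and exit.
stub_w() { echo "someuser ttyp0 (constructed sample output)"; }

# sshd stand-in: the only listener. It authenticates first, then hands the
# channel (stdin/stdout) to whichever program the client asked for.
stub_sshd() {
    secret=$2 cmd=$3
    [ "$secret" = "$SECRET" ] || { echo "AUTH FAILED"; return 1; }
    case "$cmd" in
        /path/to/sftpserv) stub_sftpserv ;;
        /usr/bin/w)        stub_w ;;
        *)                 echo "$cmd: not found"; return 127 ;;
    esac
}

# Local ssh stand-in: relays its stdin/stdout to the remote side.
stub_ssh() { stub_sshd "$@"; }

# Local sftp stand-in: opens no connection of its own; it runs the ssh client
# with the helper's path and talks to it through a pipe.
stub_sftp() {
    printf '%s\n' "$@" QUIT | stub_ssh someuser "$SECRET" /path/to/sftpserv
}

stub_ssh someuser "$SECRET" /usr/bin/w      # rsh-style single command
stub_sftp LIST "GET notes.txt"              # file-transfer session, same path in
```

Both calls enter through stub_sshd, so in this model the file-transfer helper is reachable only after the authentication check succeeds, which is why it needs no port of its own.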