ssh connection with -s and sftp hangs when reaching subsystem request accepted on channel 0

imvictor

4/15/24, 1:42 PM

I've run into this strange issue of not being able to connect with ssh user@domain -s sftp.

sshd_config on target specifies Subsystem sftp /usr/libexec/openssh/sftp-server, the sftp-server file is there and I've created symlinks to it in /usr/bin, /usr/sbin etc. as so which sftp-server shows correct executable.

Plain sftp user@domain and ssh user@domain are working without problems.

running with -vvvreaches debug2: subsystem request accepted on channel 0 and hands up, until I ctrl+c-it.

There are no overshadowing configurations for sshd on target and ssh on client.

On target /var/log/secure for [sshd] ends on :

sshd[324070]: debug3: send packet: type 99
sshd[324070]: debug3: mm_request_receive entering
sshd[324070]: debug3: monitor_read: checking request 124

sshd logs shows no errors with connection.

sshd_config have only one Subsystem parameter defined for sftp and really whole config is unmodified (default).

I've tried connecting to these targets OSs : Red Hat 8.6, Ubuntu 22.04 and MacOS 13.2.1 (zsh 5.8.1).

I want to be able to use ssh with -s and to defined multiple Subsystems.

Based on this: https://www.oreilly.com/library/view/ssh-the-secure/0596008953/ch05s08.html I understand that my usage of this flag is correct as the desired subsystem should be placed in ssh call as remote-command.

Please correct me if I am wrong (with the usage) and maybe preferably point out any sources that might help with making this work.

Thanks!

347

1 + 0

ssh

sftp

Score:1

Server

Martin Prikryl

4/15/24, 8:06 PM

The ssh user@domain -s sftp is expected to "hang". The SFTP protocol is binary. You can hardly talk to it in ssh terminal.

If your aim was to try/test SFTP using custom subsystem name, use the -s switch with sftp:

sftp user@example.com -s sftp

If you wonder what's the -s for in ssh: The SSH protocol has the "subsystem API". The -s switch is just an ssh interface to that API. The only standard use of the subsystem API in SSH is SFTP. There is imo no practical use of the ssh -s switch with the SFTP, as SFTP is binary protocol. No other standard use of SSH subsystems has even emerged, afaik. But simply OpenSSH ssh has the switch just in case there's a use for it. There are dozens of other ssh options that you probably never use. But they are there, for the rare cases you might need them.

+ 1

Ward - Reinstate Monica

4/21/24, 5:01 AM

**Comments have been [moved to chat](https://chat.stackexchange.com/rooms/145479/discussion-on-answer-by-martin-prikryl-ssh-connection-with-s-and-sftp-hangs-whe); please do not continue the discussion here.** Before posting a comment below this one, please review the [purposes of comments](/help/privileges/comment). Comments that do not request clarification or suggest improvements usually belong as an [answer](/help/how-to-answer), on [meta], or in [chat]. Comments continuing discussion may be removed.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: ssh connection with -s and sftp hangs when reaching subsystem request accepted on channel 0

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.