Re: tunneling and exec channel request support for SSH URIs

[Simon Tatham <anakin%pobox.com@localhost>]

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> wrote:

> Yes, I think that's closer to the mark.  On the other hand, I do think it 
> should be possible to write a URI that refers to an SFTP service accessed 
> using the user's credentials.  I suppose to make this determination for a 
> subsystem, one needs to know what the subsystem does,

Yes. SFTP could reasonably be an exception to the general principle
I suggested, based on specific knowledge that SFTP in particular is
a subsystem which won't do anything destructive just from being
invoked - it would have to be specifically instructed by the user to
delete or modify files for anything dangerous to occur.

But really, an SFTP URI and an SSH URI citing subsystem "sftp" are
not semantically the same anyway. The latter, if it is to be treated
consistently with URIs citing a command, merely tells a basic SSH
client what exec/subsystem request to send, so that the user would
be presented with raw access to the SFTP service, which isn't very
useful at all. The former also indicates that a different client
program (or the same client program in a different mode, according
to taste) should be run, so that the user gets a thing that looks
like a filesystem browser.
-- 
Simon Tatham         "The difference between theory and practice is
<anakin%pobox.com@localhost>    that, in theory, there is no difference."