Make WordPress Core

Opened 12 years ago

Closed 11 years ago

#21610 closed feature request (wontfix)

ssh2/sftp doesn't work with chrooted/openssh sftp-internal user accounts (no shell)

Reported by: albertmediacasternl's profile albert@… Owned by: albertmediacasternl's profile albert@…
Milestone: Priority: normal
Severity: normal Version: 3.4.1
Component: Filesystem API Keywords:
Focuses: Cc:


The current wordpress 3.4.1 wp-admin/includes/class-wp-filesystem-ssh2.php code will crash php or spin in an endless loop when someone supplies ssh/sftp credentials (username/password) to an (open)ssh server where users don't have a shell and are chrooted to their home directory e.g. by using openssh's sftp-internal server and ChrootDirectory functionality.
There is no neat fix for the code in the WP_Filesystem_SSH2 class. I've implemented a new WP_Filesystem_SFTP class making use of the portable phpseclib library.

At this moment it is necessary to change a line in wp-admin/includes/file.php to be able to use WP_Filesystem_SFTP.
Attached is the code for this new class up for review or for anyone with the same problem.

Attachments (1)

class-wp-filesystem-sftp.php (9.9 KB) - added by albert@… 12 years ago.
class WP_Filesystem_SFTP

Download all attachments as: .zip

Change History (5)

12 years ago

class WP_Filesystem_SFTP

#2 @kurtpayne
12 years ago

  • Cc kpayne@… added
  • Keywords has-patch removed
  • Type changed from defect (bug) to feature request

Patch is incomplete.

This patch needs Net_SSH2 and phpseclib. Net_SSH2 is LGPLv2 licensed (does this cause license problems?).

It's also missing the integration of the filesystem class with WordPress. The patch includes installation instructions in the file header instead of a complete patch to WordPress core. Please re-submit as a complete patch.

Related plugin: SSH SFTP Updater Support

#3 @dd32
12 years ago

The plugin mentioned above does a pretty good job, I've used it in the past and had no issues, although I didn't test with chroot'ed environment. AFAIK, the licences of the plugin and it's dependancies is all A-OK for plugins usage.

I'd personally like to remove all SSH support from core, 95% of people don't need it, 4% could use it but don't know it exists (And can't use the one in core anyway), and 1% may use it (although, most of them don't care and don't use it). See #16925 for removal.

#4 @dd32
11 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

The plugin mentioned in comment 2 is recomended for those wishing to use SSH for upgrades.

Note: See TracTickets for help on using tickets.