Opened 12 years ago
Closed 11 years ago
#21610 closed feature request (wontfix)
ssh2/sftp doesn't work with chrooted/openssh sftp-internal user accounts (no shell)
Reported by: | Owned by: | ||
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.4.1 |
Component: | Filesystem API | Keywords: | |
Focuses: | Cc: |
Description
The current wordpress 3.4.1 wp-admin/includes/class-wp-filesystem-ssh2.php code will crash php or spin in an endless loop when someone supplies ssh/sftp credentials (username/password) to an (open)ssh server where users don't have a shell and are chrooted to their home directory e.g. by using openssh's sftp-internal server and ChrootDirectory functionality.
There is no neat fix for the code in the WP_Filesystem_SSH2 class. I've implemented a new WP_Filesystem_SFTP class making use of the portable phpseclib library.
At this moment it is necessary to change a line in wp-admin/includes/file.php to be able to use WP_Filesystem_SFTP.
Attached is the code for this new class up for review or for anyone with the same problem.
Attachments (1)
Change History (5)
#2
@
12 years ago
- Cc kpayne@… added
- Keywords has-patch removed
- Type changed from defect (bug) to feature request
Patch is incomplete.
This patch needs Net_SSH2 and phpseclib. Net_SSH2 is LGPLv2 licensed (does this cause license problems?).
It's also missing the integration of the filesystem class with WordPress. The patch includes installation instructions in the file header instead of a complete patch to WordPress core. Please re-submit as a complete patch.
Related plugin: SSH SFTP Updater Support
#3
@
12 years ago
The plugin mentioned above does a pretty good job, I've used it in the past and had no issues, although I didn't test with chroot'ed environment. AFAIK, the licences of the plugin and it's dependancies is all A-OK for plugins usage.
I'd personally like to remove all SSH support from core, 95% of people don't need it, 4% could use it but don't know it exists (And can't use the one in core anyway), and 1% may use it (although, most of them don't care and don't use it). See #16925 for removal.
#4
@
11 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
The plugin mentioned in comment 2 is recomended for those wishing to use SSH for upgrades.
class WP_Filesystem_SFTP