SFTP implementation in SecureCRT 5.0

[Maureen]

Quote:

Originally Posted by undef

6. Perhaps SFTP should locally open in another directory than the program folder? My suggestion would be to open in the users home directory (i.e. c:\Documents and Settings\<username>\). Preferably this should be an configurable option.

Support for initial local and remote SFTP directories is available in beta 5. It can be found on the SFTP tab page under SSH2 in the Session Options dialog.

Maureen

[DaCypher]

Quote:

Originally Posted by Maureen

Support for initial local and remote SFTP directories is available in beta 5. It can be found on the SFTP tab page under SSH2 in the Session Options dialog.

Maureen

Now that this has been implemented, would it be possible to add an option to allow the initial directories to be used in conjunction with the "^[&&Bsftp-download `pwd`"-type commands? I would like to use the sftp-download command and have SecureCRT automatically save the file(s) to my default SFTP directory (this should probably be a toggle in the settings in case you want to choose the directory each time).

On a side note, does anyone know how to implement the sftp-download command entirely on the client side? I use ~20 different machines to SSH into and so adding a script and alias on each one for each user account that I use is somewhat of a pain (not to mention that several of the machines get formatted somewhat frequently). What I have been thinking was if there was some way to bind a key combination to send the string of the first part of the special sftp-download (or sftp-upload) command and then I could type in the filename/mask, but then I would still have to end the quotes on the echo command (another send string command maybe?). Or maybe this could be done in a client script? By the way, if I login as a normal user and I su to root, will the sftp-download command be able to read files that are only readable by root, or does it just create an SFTP session based on the SSH login credentials?

I'm not sure if anyone else uses these features, but I find them rather useful.

[Maureen]

Quote:

Originally Posted by DaCypher

Now that this has been implemented, would it be possible to add an option to allow the initial directories to be used in conjunction with the "^[&&Bsftp-download `pwd`"-type commands? I would like to use the sftp-download command and have SecureCRT automatically save the file(s) to my default SFTP directory (this should probably be a toggle in the settings in case you want to choose the directory each time).

Thanks for the feature request. I will enter it in our development database for consideration in a future release.

For the initial local directory, I would expect it to honor the SFTP setting for the first escape-intiated download. But if you change the directory, subsequent escape-initiated downloads would use the new directory. Is this how you would expect it to work?

Maureen

[DaCypher]

Quote:

Originally Posted by Maureen

Thanks for the feature request. I will enter it in our development database for consideration in a future release.

For the initial local directory, I would expect it to honor the SFTP setting for the first escape-intiated download. But if you change the directory, subsequent escape-initiated downloads would use the new directory. Is this how you would expect it to work?

Maureen

Yes, that would make sense to me.

Something I just noticed with the lastest beta (can't remember if it did this previously), but if I type 'echo "^[&&Bsftp-download `pwd` file"' and the user that I logged into SSH as does not have read permission on the file, then I am returned to my shell prompt with the letter 'F'.

Unfortunately there probably isn't a way for the SFTP session to automatically have the same permissions as the user that I am currently 'su'ed to. For example, if I connect to a linux machine via SSH with user 'normal_user' and then su to root and try to use an SFTP session (either via sftp-download or sftp tab), I can't download a file that is only readable by root.

I realize that there are probably few users that use the sftp-download feature, but it seems like if this feature was tweaked slightly this could become very useful.

[jcj]

Quote:

Originally Posted by DaCypher

[...]
Something I just noticed with the lastest beta (can't remember if it did this previously), but if I type 'echo "^[&&Bsftp-download `pwd` file"' and the user that I logged into SSH as does not have read permission on the file, then I am returned to my shell prompt with the letter 'F'.
[...]

The "F" is returned to indicate failure of the escape sequence (since you don't have read permission). Each of the "special" escape sequences returns "S" for success or "F" for failure once it has been executed. This allows a program on the remote to do error-checking when sending the "special" escape sequences.

Quote:

Originally Posted by DaCypher

[...]
Unfortunately there probably isn't a way for the SFTP session to automatically have the same permissions as the user that I am currently 'su'ed to. For example, if I connect to a linux machine via SSH with user 'normal_user' and then su to root and try to use an SFTP session (either via sftp-download or sftp tab), I can't download a file that is only readable by root.
[...]

Correct.

What happens in your shell what happens on the SFTP channel aren't closely tied enough to make this sort of thing possible. When using the SFTP tab, you're "piggybacking" an SFTP session over the original SSH2 transport, and are authenticated as the user the initial SSH2 session authenticated as for the purposes of the SFTP tab. You'd need to authenticate with a new SSH2 session as the "su'ed" user in order to get the permissions straight. The SFTP tab and the "special" SFTP escape sequence are identical in this regard.

Cheers~

~JcJ

[DaCypher]

Quote:

Originally Posted by jcj

The "F" is returned to indicate failure of the escape sequence (since you don't have read permission). Each of the "special" escape sequences returns "S" for success or "F" for failure once it has been executed. This allows a program on the remote to do error-checking when sending the "special" escape sequences.

Ahh, I guess that actually makes some sense now that I think about it. Thanks for that info.

Quote:

Originally Posted by jcj

Correct.

What happens in your shell what happens on the SFTP channel aren't closely tied enough to make this sort of thing possible. When using the SFTP tab, you're "piggybacking" an SFTP session over the original SSH2 transport, and are authenticated as the user the initial SSH2 session authenticated as for the purposes of the SFTP tab. You'd need to authenticate with a new SSH2 session as the "su'ed" user in order to get the permissions straight. The SFTP tab and the "special" SFTP escape sequence are identical in this regard.

Cheers~

~JcJ

I pretty much figured it was working the way you described, but again, thanks for the additional information on this.

By the way, thanks for the very cool products. I'm looking forward to future versions.