Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-33902

Valid sshd config with Sftp subsystem internal-sftp not detected by leapp

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • rhel-8.8.0
    • openssh
    • Normal
    • sst_security_crypto
    • ssg_security
    • False
    • Hide

      None

      Show
      None
    • Red Hat Enterprise Linux
    • x86_64

      What were you trying to do that didn't work?

      The leapp-report fails to detect this valida working SFTP service:

      Risk Factor: medium
Title: OpenSSH configured without SFTP subsystem
Summary: The RHEL9 is changing the default SCP behaviour to use SFTP internally so not having SFTP server enabled can prevent interoperability and break existing scripts on other systems updated to RHEL9 to copy files to or from this machine.
Remediation: [hint] Add the following line to the /etc/ssh/sshd_config to enable SFTP server: Subsystem sftp /usr/libexec/openssh/sftp-server
Key: d986c1dae70b04553548071764c4f6d3af30d477

       

      Customer has below valid working SFTP configuration

       

      # grep -R Subsystem /etc/ssh
/etc/ssh/sshd_config.d/45-service.conf:Subsystem sftp internal-sftp -f AUTH -l INFO

       

       

      # sshd -T | grep -i sftp
subsystem sftp internal-sftp -f AUTH -l INFO

      KCS related to internal sftp

      https://access.redhat.com/solutions/20764

      https://access.redhat.com/articles/1374633

       

            jjelen@redhat.com Jakub Jelen
            rhn-support-prjagtap Pradeep Jagtap
            Dmitry Belyavskiy Dmitry Belyavskiy
            SSG Security QE SSG Security QE
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: