Closed
Description
Having
"ForceCommand internal-sftp" in sshd_config will make the server to accept sftp connections only.
Fix details:
In windows, INTERNAL_SFTP is supported via sftp-server.exe.
This is a deviation from the UNIX implementation that hosts sftp-server within sshd.
If sftp-server were to be hosted within sshd for Windows, following would be needed
- Impersonate client user
- call sftp-server-main
SSHD service account would need impersonate privilege to impersonate client user, thereby needing elevation of SSHD account privileges
Apart from slight performance gain (by hosting sftp in process), there isn't a clear gain with this option over using and spawning sftp-server.exe.
Hence going with the later option.