Supporting SFTP Extensions

Lee Painter

SFTP extensions provide a way for vendors to extend the behavior of the SFTP protocol. While the Maverick SSH Servers have supported these for some time, the API has been unclear and undocumented. 

With the 1.7.27 release of Maverick Legacy Server, we have refactored and refined support for SFTP extensions so that it is clearer to vendors extending our server how to support SFTP extensions and, potentially, implement them as well. 

First of all, we have removed any default configuration for SFTP extensions. In a recent support case, a customer experienced behavior they did not expect. When we drilled down to the root cause, it was the md5-hash SFTP extension that we had enabled by default. Therefore, we no longer install SFTP extensions by default and have provided an API to allow customers to configure the extensions they want to support. 

There are currently four SFTP extensions implemented in the latest API update. 

posix-rename@openssh.com provides POSIX semantics for the SFTP rename operation, allowing the destination file to exist and therefore be overwritten in a rename operation. SFTP does not allow this by default and will reject any attempt to rename a file to one that already exists. 

md5-hash-handle and md5-hash produce an MD5 hash of file contents, allowing a client to verify that the contents of the remote file match its local contents. This extension is from an older specification, but many clients appear to support it. 

copy-file allows you to copy the contents of a remote file to another remote location.

open-directory-with-filter@sshtools.com is our very own SFTP extension that provides server-side filtering of directory listings. With this extension, you can use regular expression or glob syntax to filter the results of an ls operation. This extension is available in both our client and server API. Details of how to use this in practice can be found in Server side Directory Filtering.
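To make the difference between the default SFTP rename and posix-rename@openssh.com concrete, the following added example (not Maverick code and not part of the original article) models both behaviours on local files with java.nio.file. The class and method names are hypothetical, and nothing here calls the Maverick API.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

// Added illustration: models the two rename behaviours in a local temp directory.
// Hypothetical names throughout; this is not the Maverick server implementation.
public class RenameSemanticsDemo {

    // Default SFTP rename as described above: refuse if the destination exists.
    static boolean sftpRename(Path from, Path to) throws IOException {
        try {
            Files.move(from, to); // no REPLACE_EXISTING: throws if 'to' exists
            return true;
        } catch (FileAlreadyExistsException e) {
            return false; // a server would return a failure status to the client
        }
    }

    // posix-rename behaviour: an existing destination is replaced.
    // POSIX rename(2) does this atomically; REPLACE_EXISTING is used here
    // because it behaves the same on every platform the JDK supports.
    static void posixRename(Path from, Path to) throws IOException {
        Files.move(from, to, StandardCopyOption.REPLACE_EXISTING);
    }

    static String read(Path p) throws IOException {
        return new String(Files.readAllBytes(p), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample files: an upload under a temporary name and a live file.
        Path dir = Files.createTempDirectory("rename-demo");
        Path upload = dir.resolve("report.tmp");
        Path live = dir.resolve("report.csv");
        Files.write(upload, "new".getBytes(StandardCharsets.UTF_8));
        Files.write(live, "old".getBytes(StandardCharsets.UTF_8));

        // Default semantics: the rename is rejected and the live file is untouched.
        System.out.println("default rename succeeded: " + sftpRename(upload, live));
        System.out.println("destination holds: " + read(live));

        // posix-rename semantics: the live file is overwritten by the upload.
        posixRename(upload, live);
        System.out.println("after posix-rename destination holds: " + read(live));
        System.out.println("source still exists: " + Files.exists(upload));
    }
}
```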

There are other published extensions that we plan to add in forthcoming releases. These include vendor-id, home-directory, copy-data, check-file-name, check-file-handle, get-temp-folder, and space-available.

To enable any of the above SFTP extensions in the Maverick Legacy Server, configure an SFTPExtensionFactory instance and add it to the SshContext.

  sshContext.getSFTPExtensionFactories().add(
    new DefaultSftpExtensionFactory(SupportedSftpExtensions.POSIX_RENAME,
      SupportedSftpExtensions.MD5_FILE_HASH,
      SupportedSftpExtensions.COPY_FILE,
      SupportedSftpExtensions.OPEN_DIRECTORY_WITH_FILTER));