[Bug 982] scp doesn't work with password authentication when copying from remote to remote
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Apr 16 11:13:38 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=982
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
------- Comment #3 from djm at mindrot.org 2006-04-16 11:13 -------
After thinking about this some more, there is a good reason why this patch
should not go in: when you perform a copy "scp host_a:file host_b" with this
patch, you must expose your password on "host_a" rather than the local host.
You may not trust "host_a" with your "host_b" password (e.g. someone making a
trojan scp binary there could easily collect passwords without your knowledge),
and it isn't obvious to someone without a good knowledge of how this actually
works that they are actually entering a password on a non-local system.
Adding a warning is probably not practical because the host that initiates a
remote to remote copy doesn't know what authentication mechanisms will be
needed.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list