[openssh-commits] [openssh] 01/02: upstream: Prepare for a future where scp(1) uses the SFTP protocol by
git+noreply at mindrot.org
git+noreply at mindrot.org
Tue Aug 10 13:37:37 AEST 2021
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 391ca67fb978252c48d20c910553f803f988bd37
Author: djm at openbsd.org <djm at openbsd.org>
Date: Tue Aug 10 03:33:34 2021 +0000
upstream: Prepare for a future where scp(1) uses the SFTP protocol by
default. Replace recently added -M option to select the protocol with -O
(olde) and -s (SFTP) flags, and label the -s flag with a clear warning that
it will be removed in the near future (so no, don't use it in scripts!).
prompted by/feedback from deraadt@
OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc
---
scp.1 | 34 +++++++++++++++++++++-------------
scp.c | 23 ++++++++++-------------
2 files changed, 31 insertions(+), 26 deletions(-)
diff --git a/scp.1 b/scp.1
index c06ecf68..972269af 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.98 2021/08/09 23:56:36 djm Exp $
+.\" $OpenBSD: scp.1,v 1.99 2021/08/10 03:33:34 djm Exp $
.\"
-.Dd $Mdocdate: August 9 2021 $
+.Dd $Mdocdate: August 10 2021 $
.Dt SCP 1
.Os
.Sh NAME
@@ -18,14 +18,13 @@
.Nd OpenSSH secure file copy
.Sh SYNOPSIS
.Nm scp
-.Op Fl 346ABCpqRrTv
+.Op Fl 346ABCOpqRrsTv
.Op Fl c Ar cipher
.Op Fl D Ar sftp_server_path
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
.Op Fl J Ar destination
.Op Fl l Ar limit
-.Op Fl M Ar scp | sftp
.Op Fl o Ar ssh_option
.Op Fl P Ar port
.Op Fl S Ar program
@@ -112,7 +111,7 @@ Selects the cipher to use for encrypting the data transfer.
This option is directly passed to
.Xr ssh 1 .
.It Fl D Ar sftp_server_path
-When using the experimental SFTP protocol support via
+When using the SFTP protocol support via
.Fl M ,
connect directly to a local SFTP server program rather than a
remote one via
@@ -144,14 +143,12 @@ This option is directly passed to
.Xr ssh 1 .
.It Fl l Ar limit
Limits the used bandwidth, specified in Kbit/s.
-.It Fl M Ar scp | sftp
-Specifies a mode which will be used to transfer files.
-The default is to use the original
-.Cm scp
-protocol.
-Alternately, experimental support for using the
-.Cm sftp
-protocol is available.
+.It Fl O
+Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
+Forcing the use of the SCP protocol may be necessary for servers that do
+not implement SFTP or for backwards-compatibility for particular filename
+wildcard patterns.
+This mode is the default.
.It Fl o Ar ssh_option
Can be used to pass options to
.Nm ssh
@@ -261,6 +258,16 @@ to use for the encrypted connection.
The program must understand
.Xr ssh 1
options.
+.It Fl s
+Use the SFTP protocol for file transfers instead of the legacy SCP protocol.
+Using SFTP provides avoids invoking a shell on the remote side and provides
+more predictable filename handling, as the SCP protocol
+relied on the remote shell for expanding
+.Xr glob 3
+wildcards.
+.Pp
+A near-future release of OpenSSH will make the SFTP protocol the default.
+This option will be deleted before the end of 2022.
.It Fl T
Disable strict filename checking.
By default when copying files from a remote host to a local directory
@@ -290,6 +297,7 @@ debugging connection, authentication, and configuration problems.
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh_config 5 ,
+.Xr sftp-server 8 ,
.Xr sshd 8
.Sh HISTORY
.Nm
diff --git a/scp.c b/scp.c
index 3eda5483..e6935436 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.229 2021/08/09 23:56:36 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.230 2021/08/10 03:33:34 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -448,7 +448,6 @@ main(int argc, char **argv)
const char *errstr;
extern char *optarg;
extern int optind;
- /* For now, keep SCP as default */
enum scp_mode_e mode = MODE_SCP;
char *sftp_direct = NULL;
@@ -482,7 +481,7 @@ main(int argc, char **argv)
fflag = Tflag = tflag = 0;
while ((ch = getopt(argc, argv,
- "12346ABCTdfpqRrtvD:F:J:M:P:S:c:i:l:o:")) != -1) {
+ "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:")) != -1) {
switch (ch) {
/* User-visible flags. */
case '1':
@@ -517,6 +516,12 @@ main(int argc, char **argv)
addargs(&args, "-%c", ch);
addargs(&args, "%s", optarg);
break;
+ case 'O':
+ mode = MODE_SCP;
+ break;
+ case 's':
+ mode = MODE_SFTP;
+ break;
case 'P':
sshport = a2port(optarg);
if (sshport <= 0)
@@ -526,14 +531,6 @@ main(int argc, char **argv)
addargs(&remote_remote_args, "-oBatchmode=yes");
addargs(&args, "-oBatchmode=yes");
break;
- case 'M':
- if (strcmp(optarg, "sftp") == 0)
- mode = MODE_SFTP;
- else if (strcmp(optarg, "scp") == 0)
- mode = MODE_SCP;
- else
- usage();
- break;
case 'l':
limit_kbps = strtonum(optarg, 1, 100 * 1024 * 1024,
&errstr);
@@ -1987,8 +1984,8 @@ void
usage(void)
{
(void) fprintf(stderr,
- "usage: scp [-346ABCpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
- " [-i identity_file] [-J destination] [-l limit] [-M scp|sftp]\n"
+ "usage: scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
+ " [-i identity_file] [-J destination] [-l limit]\n"
" [-o ssh_option] [-P port] [-S program] source ... target\n");
exit(1);
}
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list