[openssh-commits] [openssh] 01/01: upstream: Use the SFTP protocol by default. The original scp/rcp

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Sep 9 12:36:31 AEST 2021

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 73050fa38fb36ae3326d768b574806352b97002d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Sep 8 23:31:39 2021 +0000

    upstream: Use the SFTP protocol by default. The original scp/rcp
    protocol remains available via the -O flag.
    Note that ~user/ prefixed paths in SFTP mode require a protocol extension
    that was first shipped in OpenSSH 8.7.
    ok deraadt, after baking in snaps for a while without incident
    OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c
 scp.1 | 42 ++++++++++++++++++++++--------------------
 scp.c |  6 +++---
 2 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/scp.1 b/scp.1
index 68aac04b..a96e95ad 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
 .\" Created: Sun May  7 00:14:37 1995 ylo
-.\" $OpenBSD: scp.1,v 1.100 2021/08/11 14:07:54 naddy Exp $
+.\" $OpenBSD: scp.1,v 1.101 2021/09/08 23:31:39 djm Exp $
-.Dd $Mdocdate: August 11 2021 $
+.Dd $Mdocdate: September 8 2021 $
 .Dt SCP 1
@@ -18,7 +18,7 @@
 .Nd OpenSSH secure file copy
 .Nm scp
-.Op Fl 346ABCOpqRrsTv
+.Op Fl 346ABCOpqRrTv
 .Op Fl c Ar cipher
 .Op Fl D Ar sftp_server_path
 .Op Fl F Ar ssh_config
@@ -37,9 +37,6 @@ It uses
 .Xr ssh 1
 for data transfer, and uses the same authentication and provides the
 same security as a login session.
-The scp protocol requires execution of the remote user's shell to perform
-.Xr glob 3
-pattern matching.
 will ask for passwords or passphrases if they are needed for
@@ -79,7 +76,9 @@ The options are as follows:
 Copies between two remote hosts are transferred through the local host.
 Without this option the data is copied directly between the two remote
-Note that, when using the legacy SCP protocol (the default), this option
+Note that, when using the legacy SCP protocol (via the
+.Fl O
+flag), this option
 selects batch mode for the second host as
 cannot ask for passwords or passphrases for both hosts.
@@ -146,9 +145,10 @@ Limits the used bandwidth, specified in Kbit/s.
 .It Fl O
 Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
 Forcing the use of the SCP protocol may be necessary for servers that do
-not implement SFTP or for backwards-compatibility for particular filename
-wildcard patterns.
-This mode is the default.
+not implement SFTP, for backwards-compatibility for particular filename
+wildcard patterns and for expanding paths with a
+.Sq ~
+prefix for older SFTP servers.
 .It Fl o Ar ssh_option
 Can be used to pass options to
 .Nm ssh
@@ -258,16 +258,6 @@ to use for the encrypted connection.
 The program must understand
 .Xr ssh 1
-.It Fl s
-Use the SFTP protocol for file transfers instead of the legacy SCP protocol.
-Using SFTP avoids invoking a shell on the remote side and provides
-more predictable filename handling, as the SCP protocol
-relied on the remote shell for expanding
-.Xr glob 3
-A near-future release of OpenSSH will make the SFTP protocol the default.
-This option will be deleted before the end of 2022.
 .It Fl T
 Disable strict filename checking.
 By default when copying files from a remote host to a local directory
@@ -299,11 +289,23 @@ debugging connection, authentication, and configuration problems.
 .Xr ssh_config 5 ,
 .Xr sftp-server 8 ,
 .Xr sshd 8
+The original scp protocol (selected by the
+.Fl O
+flag) requires execution of the remote user's shell to perform
+.Xr glob 3
+pattern matching.
+This requires careful quoting of any characters that have special meaning to
+the remote shell, such as quote characters.
 is based on the rcp program in
 source code from the Regents of the University of California.
+Since OpenSSH 8.8,
+has use the SFTP protocol for transfers by default.
 .An Timo Rinne Aq Mt tri at iki.fi
 .An Tatu Ylonen Aq Mt ylo at cs.hut.fi
diff --git a/scp.c b/scp.c
index e039350c..c7cf7529 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.232 2021/08/11 14:07:54 naddy Exp $ */
+/* $OpenBSD: scp.c,v 1.233 2021/09/08 23:31:39 djm Exp $ */
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -448,7 +448,7 @@ main(int argc, char **argv)
 	const char *errstr;
 	extern char *optarg;
 	extern int optind;
-	enum scp_mode_e mode = MODE_SCP;
+	enum scp_mode_e mode = MODE_SFTP;
 	char *sftp_direct = NULL;
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@@ -1983,7 +1983,7 @@ void
 	(void) fprintf(stderr,
-	    "usage: scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
+	    "usage: scp [-346ABCOpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
 	    "           [-i identity_file] [-J destination] [-l limit]\n"
 	    "           [-o ssh_option] [-P port] [-S program] source ... target\n");

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list