OpenSSH/scp ->> F-Secure SSH server Problems

Roeland Meyer rmeyer at mhsc.com
Mon Mar 12 08:37:34 EST 2001


> From: woods at weird.com [mailto:woods at weird.com]
> Sent: Sunday, March 11, 2001 8:31 AM
> 
> [ On Sunday, March 11, 2001 at 12:06:51 (+0100), Markus Friedl wrote: ]
> > Subject: Re: OpenSSH/scp ->> F-Secure SSH server Problems
> >
> > On Sun, Mar 11, 2001 at 12:21:47AM -0500, Greg A. Woods wrote:
> > > OpenSSH does not yet seem to implement server support for 

> > > depend on sftp on the server side.
> > > 
> > > However I have not had any trouble with any OpenSSH 

> > you could install openssh's scp on the server then scp works 
> > from the openssh client.
> 
> But that's the part that works already.  It's SSH-2.4.0 client scp to
> OpenSSH server that doesn't work (and which needs sftp server-side
> support).
> 
> (I don't really understand why rcp over ssh wasn't sufficient and why
> SSH-2.4.0 now uses the sftp gunge to implement scp, but perhaps there's
> a reasonable reason....)

I echo your lack of understanding. Sometimes, "if it ain't broke ... don't
fix it" applies and if you *are* going to muck with it, create an
enhancement and leave the, working, original alone.

I've been using 1.2.27 (non-com), w/ the 2.0.13 patch, for quite a while
now. It works fine, but I'd really like to have a Win32 version of both. I
haven't gone to OpenSSH because of issues like what we're talking about here
(however, I use OpenSSL quite a bit). I also don't understand the
fascination folks have for FTP. Anything that uses non-deterministic
dynamically reassigned ports is fundamentally insecurable. Full
authentication can only be accomplished when both sides of the connection
are fully deterministic. In short, sftp ain't... FTP must die. If you want
secure files distro, use https. If you want secure file uploads, scp does
the job nicely, or a Java uploader, under https. Getting the SSH/FTP(sftp)
kludge to work only weakens SSH.






More information about the openssh-unix-dev mailing list