OpenSSH/scp ->> F-Secure SSH server Problems

Damien Miller djm at
Mon Mar 12 15:06:18 EST 2001

On Sun, 11 Mar 2001, Greg A. Woods wrote:

> I know that the "rcp" protocol is rather old and rather poorly
> documented (outside the source and the various books that have
> covered it in more detail, such as those of the late Mr. Stevens).
> I don't quite understand what limitations it might have had
> w.r.t. SSH though.

rcp/scp also have security problems that are difficult to fix. e.g.

> It would appear that the sftp stuff is finally documented in the new
> IETF secsh draft-ietf-secsh-filexfer-00.txt, published in on or about
> Jan 9.
> My guess is this is just an excuse to use the "built-in subsystem"
> feature bloat in the secsh protocol.

Subsystems aren't "feature bloat", they are very lightweight (almost
free) and are a much more robust way of executing standard services
over an ssh transport than executing programs which may or may not be
in the server's $PATH.

There is nothing stopping anyone from implementing a scp-like tool
which uses the sftp protocol. All the back-end is there in OpenSSH
(except directory recursion), someone just needs to do the UI.


| Damien Miller <djm at> \ ``E-mail attachments are the poor man's
|          /   distributed filesystem'' - Dan Geer

More information about the openssh-unix-dev mailing list