[PATCH] Add scp -1 and -2 options to OpenSSH-3.0.2p1

Dan Kaminsky dan at doxpara.com
Mon Jan 28 15:05:48 EST 2002


> :It's just a matter of consistency -- though, to be honest, since protocol
> :declaration impacts security pretty directly, both in terms of communication
> :privacy and authentication methods,
>
> i have no idea what this means.

SCP stands for _SECURE_ copy, as opposed to the insecure "remote" copy.  So
options that have direct impact on security are actually the most critical
for SCP to implement.

> :it's really hard to claim -1/-2 aren't
> :completely appropriate for SCP regardless of "Well, it works in SSH".
>
> the general approach is that programs that use ssh for transport don't
> inherit all the ssh command line options, -o is used instead.

Programs that use SSH for transport aren't generally a part of the SSH
distribution; SCP is -- note the direct support for selecting cryptographic
ciphers or the presence of compression.  This is rather different than, say,
rsync over ssh.

Surely, in a secure copying tool, the cryptographic protocol used to
exchange data is of greater, not lesser importance than whether the
datastream is compressed!

That being said, the main difference pragmatically between SCP and rsync is
that rsync uses an encapsulation option -- -e -- to capture whatever options
are desired inside a fully described executable command, like so:

rsync -e "ssh -2 -C -c blowfish" foo user@bar:/foo

By contrast, SCP's option for selecting the encapsulator doesn't support
arbitrary options at all; it just provides a path to a binary.  This is
considerably less flexible, but does enforce the meaningfulness of options
like -C and -c.  The equivalent to the above, using the patched syntax, is:

scp -2 -C -c blowfish foo user@bar:/foo

Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com





More information about the openssh-unix-dev mailing list