[PATCH] Add scp -1 and -2 options to OpenSSH-3.0.2p1

Markus Friedl markus at openbsd.org
Mon Jan 28 19:50:02 EST 2002


On Sun, Jan 27, 2002 at 08:05:48PM -0800, Dan Kaminsky wrote:
> > :It's just a matter of consistency -- though, to be honest, since protocol
> > :declaration impacts security pretty directly, both in terms of communication
> > :privacy and authentication methods,
> >
> > i have no idea what this means.
> 
> SCP stands for _SECURE_ copy, as opposed to the insecure "remote" copy.  So
> options that have direct impact on security are actually the most critical
> for SCP to implement.
> 
> > :it's really hard to claim -1/-2 aren't
> > :completely appropriate for SCP regardless of "Well, it works in SSH".
> >
> > the general approach is that programs that use ssh for transport don't
> > inherit all the ssh command line options, -o is used instead.
> 
> Programs that use SSH for transport aren't generally a part of the SSH
> distribution; SCP is -- note the direct support for selecting cryptographic
> ciphers or the presence of compression.  This is rather different than, say,
> rsync over ssh.
> 
> Surely, in a secure copying tool, the cryptographic protocol used to
> exchange data is of greater, not lesser importance than whether the
> datastream is compressed!
> 
> That being said, the main difference pragmatically between SCP and rsync is
> that rsync uses an encapsulation option -- -e -- to capture whatever options
> are desired inside a fully described executable command, like so:
> 
> rsync -e "ssh -2 -C -c blowfish" foo user@bar:/foo
> 
> By contrast, SCP's option for selecting the encapsulator doesn't support
> arbitrary options at all; it just provides a path to a binary.  This is
> considerably less flexible, but does enforce the meaningfulness of options
> like -C and -c.  The equivalent to the above, using the patched syntax, is:
> 
> scp -2 -C -c blowfish foo user@bar:/foo

no, the equivalent is
	scp -e "ssh -2 -C -c blowfish" foo user@bar:/foo


-m


