Feature request: Discussion.

Nicolas.Williams at ubsw.com Nicolas.Williams at ubsw.com
Tue May 14 02:25:30 EST 2002


Ultimately you can write a wrapper that implements ssh urls if you really care...

Nico
--  

> -----Original Message-----
> From: Rob McCauley [mailto:robmccau at RadOnc.Duke.EDU]
> Sent: Monday, May 13, 2002 12:17 PM
> To: ewheeler at kaico.com
> Cc: OpenSSH Devel List
> Subject: Re: Feature request: Discussion.
> 
> 
> 
> I'd say that the best reason not to add it is lack of a 
> compelling reason
> *to* add it.  ssh is not http.  I don't see any good reason 
> to make scp or
> ssh try to look like http, and I have to agree with Markus Friedl's
> assessment that url syntax lacks something in the aesthetics
> department.  I'd never use it.
> 
> I don't like the idea of supporting a password in the command line at
> all.  I can ignore the url syntax, but the thoughts of 
> enabling my users
> to create rsh like aliases with plaintext passwords embedded 
> in them would
> be unacceptable.  You have to know that given the choice, 
> most would opt
> to do that rather than configure public key authentication.
> 
> I just received a reply to this same message saying FTP 
> supports passwords
> on the command line, so we may as well support it.  I disagree.  FTP
> supports lots of evil things.  Let's support the core functionality
> securely.  Passwords in the command line is just an invitation for Bad
> Things to happen.  There's some enhanced risk, and I see no benefit.
> 
> Rob
> 
> -- 
> --------------------------------------------------------------
> ----------------
> Rob McCauley
> Radiation Oncology
> Duke University Medical Center
> 
> On Mon, 13 May 2002 ewheeler at kaico.com wrote:
> 
> > I agree that we shouldn't add the 'ssh://' since we're 
> trying to keep r*
> > compatibility, but is there a reason that a 
> > '--url 
> ssh://someones:password@somehoston#thisport/some/file' could/should
> > not be added?  I suppose --url could simply override the 
> source for the
> > scp.  Ideas?
> 
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> 

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.




More information about the openssh-unix-dev mailing list