Feature request: Discussion.

ewheeler at kaico.com ewheeler at kaico.com
Tue May 14 02:39:50 EST 2002


> I'd say that the best reason not to add it is lack of a compelling reason
> *to* add it.  ssh is not http.  I don't see any good reason to make scp or
> ssh try to look like http, and I have to agree with Markus Friedl's
> assessment that url syntax lacks something in the aesthetics
> department.  I'd never use it.

Cirtainly, ssh is not http, but neither is telnet, gopher, irc,
ftp, or beer (yes, there is even a beer protocol:
http://cs.eboch.com/beerRun/).  The URL was defined to be protocol
independant.
 
I am no decorator so asthetics don't bother me one way or the other.  The
benefit I see would be to add helpers to mozilla/netscape to download
files via scp.  

> I don't like the idea of supporting a password in the command line at
> all.  I can ignore the url syntax, but the thoughts of enabling my users
> to create rsh like aliases with plaintext passwords embedded in them would
> be unacceptable.  You have to know that given the choice, most would opt
> to do that rather than configure public key authentication.
 
I agree that passwords via the command line should not be supported, and
maybe that could be an option "DisableCommandLinePasswords" or some such
animal to disable it site-wide.  (un?)fortunately, commandline passwords
*do* exist -- I saw a patch committed some time ago which would allow
this, which could be scarry in it's own right:

$ echo password | ssh -fd 0 someone at nowhere.com 


> 1) Adds useless bload
Bloat?  the parser for a url command would only be used with '--url' or
some equivilent, and be very small in size.  I don't know that you can
call a url parser's code size or complexity bloated with respect to any pk
based crypto algorithm.

> 2) adds anonying and very poorly thought out GNU style getopts.
Not required.  There is no reason you could not use your own system to
read in options.  --url is only a suggestion; it could be -X where X is
"somethign"

> 3) Does not provide us with anything we don't already have.
Does the current ssh or scp implentation allow you to click a link and
securely download a file (hopefully after you've entered a password)?


-- 

Eric Wheeler
Network Administrator
KAICO
20417 SW 70th Ave.
Tualatin, OR 97062
www.kaico.com
Voice: 503.692.5268










More information about the openssh-unix-dev mailing list