Feature Suggestion - scp don't decrypt file at destination unencrypt on copy back switch

Gerard J. Cerchio gjpc at OB1Net.net
Thu Apr 7 05:40:37 EST 2005

Hi all,

Please pardon me if this has been discussed already on this list.
I searched on "destination" and did not find a hit.

The problem I am trying to solve is having backups on a remote server
that even root cannot read. I have seen lots of specialized file
systems and volume drivers for various operating systems. But being
that all files are already scp'd to the destination(s) I am thinking
that the most efficient way to do this on a user by user basis may be a
switch in the scp command. This solution would be highly portable and easily

The idea is this: when this switch is present, the file is encrypted on the
fly just as always.  However when the file reaches the destination, it
is emitted onto the disk in the transported encrypted state.  The decryption
stage is by-passed.  The file name is then marked with a unique file
extension to indicate that it is encrypted.

When scp is called from the source machine to copy the file back, the
file remote agent recognizes the extension and does not re-encrypt the file
but sends the encrypted file. The file receiving agent then decrypts the 
and the copy is restored.

Alternatives may be to allow scp to take a source file from stdin, but then
encryption would be happening twice.

Of course there is always the script that encrypts files, scp's them and
its scp'ing, decrypting partner, but this is what I am trying to avoid.

Any comments?

Gerard J. Cerchio
gjpc at circlesoft.com

More information about the openssh-unix-dev mailing list
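
The script pair the message mentions as the existing alternative (encrypt, scp, and a decrypting partner for the copy back), as an added example; it is not code from the post or from OpenSSH. The `.enc` extension, the key file path and the `COPY` override are assumptions, and the key file stays on the source machine so the remote host only ever stores ciphertext.

```shell
#!/bin/sh
# Added example: client-side encryption wrapped around scp.
# ENC_EXT, KEYFILE and COPY are hypothetical names chosen for this example.
ENC_EXT=".enc"                           # marker extension for encrypted backups
KEYFILE="${KEYFILE:-$HOME/.backup.key}"  # key never leaves the source machine
COPY="${COPY:-scp -q}"                   # transfer command (overridable for local tests)

# new_key: create a random 256-bit key file readable only by its owner.
new_key() {
    ( umask 077 && openssl rand -hex 32 > "$KEYFILE" )
}

# put_encrypted LOCAL_FILE DEST_DIR: encrypt locally, transfer only ciphertext.
# Note: openssl enc with CBC gives confidentiality only; tampering on the
# remote side is not detected by this script.
put_encrypted() {
    src=$1; dest=$2
    tmp=$(mktemp) || return 1
    if openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$KEYFILE" \
            -in "$src" -out "$tmp"; then
        $COPY "$tmp" "$dest/$(basename "$src")$ENC_EXT"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# get_decrypted REMOTE_FILE LOCAL_FILE: fetch ciphertext, decrypt locally.
get_decrypted() {
    remote=$1; out=$2
    case $remote in
        *"$ENC_EXT") ;;                  # only accept files carrying the marker
        *) echo "not an encrypted backup: $remote" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    $COPY "$remote" "$tmp" &&
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$KEYFILE" \
            -in "$tmp" -out "$out"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

With the default `COPY`, `put_encrypted notes.txt user@host:backups` stores `notes.txt.enc` remotely and `get_decrypted user@host:backups/notes.txt.enc notes.txt` restores it.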