Feature Suggestion - scp don't decrypt file at destination unecrypt on copy back switch

Chris Rapier rapier at psc.edu
Thu Apr 7 09:47:59 EST 2005


Peter Stuge wrote:
> On Wed, Apr 06, 2005 at 02:50:24PM -0700, Gerard J. Cerchio wrote:
> 
>>Thanks Damien, but this solution leads to single file recovery
>>problems, especially given that most users can't tell a tar from a
>>feather. ;)
> 
> 
> On the other hand, OpenSSH isn't really a backup software.

To amplify: It really isn't. I feel its best to think of it as a transport 
protocol riding on top of TCP (this would be especially true for SSHv2) or as 
a pipe. What happens on either end of the pipe isn't really something that SSH 
should necessarily be involved with.

The main thing you seem to be looking to do is to save yourself the trauma of 
double encryption. I'd suggest that th easiest way to do that is to set up a 
kerberos realm, encrypt the file locally, and use KFTP - that was you get 
secure authentication, you don't get the performance hit of using standard V2, 
and you don't have double encryption. Since you can script KFTP you can even 
write a shell script or perl whatever to handle the encryption and file 
handling processes inbound and outbound.

chris




More information about the openssh-unix-dev mailing list