scp -t - revisited.....

Peter Stuge stuge-openssh-unix-dev at
Fri Dec 7 12:02:50 EST 2007

On Thu, Dec 06, 2007 at 05:26:14PM -0600, Larry Becke wrote:
> This leads me to believe that using the scp -t
> /some/path/to/a/directory  command= in the authorized_keys file
> causes scp to forget/ignore everything after the remote hostname.

There is one more step between the remote scp (run with -t) and the
"remote filename" as specified in the local shell: The local scp.

> This gives us almost exactly what we were looking for

I think that depends on the local scp program.

What happens if you (within the scp protocol, not in the shell)
specify e.g. a new directory ../../../../../../../tmp/breakout ?

I would assume that /tmp/breakout is created.

If your local scp program is trusted then you're all set. But if that
was the case why bother with locking down the server?

> Like I said, I'm sitting here laughing right now, mostly because it
> was a lot of wasted effort on all sides to argue (or discuss with
> pointed statements) over something that already existed, even if it
> wasn't known or documented.

I still believe there was a good reason for that argument.

> (Wonders if this will be considered a bug to be fixed or quashed as
> it wasn't an intended *feature* of scp)....   I hope not...

It's just a side effect of the rcp/scp design.


More information about the openssh-unix-dev mailing list