scp -t - revisited.....

Larry Becke guyverdh at
Fri Dec 7 13:35:47 EST 2007

From the testing that I've done so far, using the command= restriction essentially ignores any and all attempts by the client to send different remote filenames, directory commands, etc...
Using scp -i some_key localfile remotehost:../../../../../../../../../../tmp/file places a copy of the file named "localfile" in the directory specified in the command= line of the authorized_keys file.
It completely overrides the -t and -f parameters passed by the client, which is really pretty cool in a sense.
You could probably even configure the command= to attempt to send a file, which would only work I assume if the client command was set to pull a file, rather than send one.
It might be fun to play with it to see what you can and can't force via the command= override from the authorized_keys file.
All in all, it gave me what so far appears to be a safe, secure, encrypted, receive only scp, where the file destination directory is controlled by the server, not the client.
Hella cool imo.
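
The receive-only setup described in the post, as an added example that is not part of the original message: a forced-command wrapper that discards the client's requested path and refuses pull (`-f`) requests instead of starting a sink against them. The script path, `DROP_DIR`, the syslog tag and the key material in the comment are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for an upload-only scp key.
# Assumed names (not from the post): DROP_DIR, the install path, the syslog tag.
#
# authorized_keys entry (key material is a placeholder):
#   command="/usr/local/bin/scp-sink.sh run",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder upload-key
DROP_DIR="${DROP_DIR:-/srv/scp-incoming}"

# Classify the command the client asked for (sshd exports it as
# SSH_ORIGINAL_COMMAND). Prints: upload | download | other
requested_mode() {
    set -f               # no globbing while word-splitting untrusted text
    set -- $1
    set +f
    [ "${1:-}" = scp ] || { echo other; return 0; }
    shift
    for arg in "$@"; do
        case "$arg" in
            -t) echo upload; return 0 ;;    # client wants to send a file
            -f) echo download; return 0 ;;  # client wants to pull a file
            -*) ;;                          # -v, -p, -r, -d: keep scanning
            *)  break ;;                    # first path argument: stop
        esac
    done
    echo other
}

# Print the command the server will run. The client's path is discarded;
# only DROP_DIR is used. Returns 1 for anything that is not an upload.
server_command() {
    [ "$(requested_mode "$1")" = upload ] || return 1
    printf 'scp -t %s\n' "$DROP_DIR"
}

# Entry point, used only when sshd starts the script with the "run" argument.
if [ "${1:-}" = run ]; then
    if server_command "${SSH_ORIGINAL_COMMAND:-}" >/dev/null; then
        logger -t scp-sink "accepted: ${SSH_ORIGINAL_COMMAND}"
        exec scp -t "$DROP_DIR"
    fi
    logger -t scp-sink "refused: ${SSH_ORIGINAL_COMMAND:-<none>}"
    echo "this key is upload-only" >&2
    exit 1
fi
```

Clients from OpenSSH 9.0 on use the SFTP protocol for scp by default and need `scp -O` to speak the legacy protocol that `scp -t` expects.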