scp -t - revisited.....
Larry Becke
guyverdh at hotmail.com
Fri Dec 7 13:35:47 EST 2007
From the testing that I've done so far, using the command= restriction essentially ignores any and all attempts by the client to send different remote filenames, directory commands, etc...
Using scp -i some_key localfile remotehost:../../../../../../../../../../tmp/file places a copy of the file named "localfile" in the directory specified in the command= line of the authorized_keys file.
It completely overrides the -t and -f parameters passed by the client, which is really pretty cool in a sense.
You could probably even configure the command= to attempt to send a file, which would only work I assume if the client command was set to pull a file, rather than send one.
It might be fun to play with it to see what you can and can't force via the command= override from the authorized_keys file.
All in all, it gave me what so far appears to be a safe, secure, encrypted, receive only scp, where the file destination directory is controlled by the server, not the client.
Hella cool imo.
More information about the openssh-unix-dev
mailing list
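
Added example, not part of the original post and not OpenSSH's own code: a forced-command wrapper for the receive-only setup the message describes, which logs what the client asked for and only ever runs a fixed scp sink. The install path /usr/local/bin/scp-dropbox, the --serve argument, the drop directory /srv/incoming and the function names are assumptions; SSH_ORIGINAL_COMMAND is the variable in which sshd hands the client's requested command to a forced command.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a receive-only scp drop directory.
# Hypothetical authorized_keys entry (path, key and DROP_DIR are placeholders):
#   command="/usr/local/bin/scp-dropbox --serve",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...
DROP_DIR="${DROP_DIR:-/srv/incoming}"   # destination is chosen here, on the server

# classify_request CMD: print upload, download or other for what the client asked.
classify_request() {
    set -f; set -- $1; set +f          # word-split without glob expansion
    [ "${1:-}" = scp ] || { echo other; return 0; }
    shift
    for arg in "$@"; do
        case "$arg" in
            -t) echo upload; return 0 ;;    # client wants to send ("to")
            -f) echo download; return 0 ;;  # client wants to fetch ("from")
        esac
    done
    echo other
}

# fixed_command: the only command this key runs; no client input is used.
fixed_command() { printf 'scp -t %s\n' "$DROP_DIR"; }

# handle_request CMD: print one audit line; succeed only for upload requests.
handle_request() {
    req=$(printf '%s' "$1" | tr -c '[:print:]' '?')   # keep log lines single-line
    kind=$(classify_request "$1")
    printf 'requested=%s kind=%s running=%s\n' "$req" "$kind" "$(fixed_command)"
    [ "$kind" = upload ]
}

if [ "${1:-}" = --serve ]; then
    # Under sshd: the client's own command line is only ever logged.
    if line=$(handle_request "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t scp-dropbox "$line"
        exec scp -t "$DROP_DIR"
    fi
    logger -t scp-dropbox "refused $line"
    exit 1
fi

# Stand-alone demo over constructed client requests.
for c in "scp -t ../../../../tmp/file" "scp -f /etc/passwd" "sh -i"; do
    handle_request "$c" || true
done
```

Clients from OpenSSH 9.0 onward default to the SFTP protocol and need scp -O to use the legacy protocol that scp -t speaks.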