scp -t - revisited.....

Peter Stuge stuge-openssh-unix-dev at
Sat Dec 8 06:41:01 EST 2007

Hi again Larry,

On Fri, Dec 07, 2007 at 10:58:12AM -0600, Larry Becke wrote:
> If this were to be put to use in some kind of publicly accessible
> location, I wouldn't even consider this a fix for our problem.  I
> do not believe in security through obscurity.

Oh I don't think this qualifies. It's not like you're hiding

> Now, where this comes into play is when we are dealing with sister
> companies, trusted trading partners, etc...   There's already a
> certain level of trust involved, and we're looking for something to
> prevent accidental file relocation.

Then I would be satisfied with this method.

> I understand that carefully tweaked data flow sent to the scp
> server side could cause data to be written to a location other than
> what's specified by the key.  I have no questions that that could
> happen.


> Now the one thing that I would ask, is this, could a crafted scp
> connection (even when forced to run scp -t ) cause a file to be
> pulled down to the client?

I don't think so, no.


More information about the openssh-unix-dev mailing list