scp -t . - possible idea for additional parameter

Peter Stuge stuge-openssh-unix-dev at
Thu Oct 4 12:20:06 EST 2007

On Wed, Oct 03, 2007 at 02:46:06AM -0500, Larry Becke wrote:
> One of the minor issues we face as we tackle security issues is the
> idea that scp allows someone to navigate directory structures that
> aren't restricted to the user that is logging in.

That is not how scp works, that is how the server operating system

scp does not allow or enable anything that has been disabled before
or outside scp.

OpenSSH uses the user's shell for any and all executions on behalf of
a user, including scp and sftp-server. If you want to restrict users,
the shell is a nice place to implement policy.


More information about the openssh-unix-dev mailing list