rapier at psc.edu
Thu Oct 11 01:15:39 EST 2007
Peter Stuge wrote:
> On Tue, Oct 09, 2007 at 02:29:37PM -0500, Larry Becke wrote:
>> I understand that that is not how scp works today.
> And it will likely never change.
Which is unfortunate because scp is, based on the logs I have access to,
what most users are using to transfer files. As much as it might be
nice if they moved to sftp I don't see it happening with any real
rapidity. We can argue all we like that sftp is better or rsync is
superior but unless the users agree it doesn't matter what we might
happen to think. I'm not saying that to be snotty or confrontational -
only as an observation of what I see around me.
>> I am suggesting this will make it trivial to secure one subset of
>> the system. That subset being scp.
> Moot point unless scp is the only way users can use the system, which
> I don't think is the case all too often.
No but unless you remove scp entirely many users, if not most, will keep
using it. Now, its possible that through user education you may be able
to tip the scales and get more of them to use sftp or some other method.
Of course, if user education really worked well half of us would
probably be out of work.
> Either you're prepared to make an effort in order to make the system
> secure, or it doesn't matter. Hacking up scp is good for neither. :\
Why not? I mean, we always hear people saying that scp is only in there
for compatibility reasons but what, precisely, is wrong with scp? If
there is something wrong with it then doesn't it makes sense to simply
stop distributing it? If there is nothing wrong with it then doesn't it
make sense to actually improve it to bring added functionality to users?
More information about the openssh-unix-dev