sftp Vs scp

Chris High highc at us.ibm.com
Thu Jan 24 02:45:37 AEDT 2019

  Reading the various articles about
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt have
caused me to question the wisdom of using scp.  Your observation:

> Date: Tue, 22 Jan 2019 13:48:34 +1100 (AEDT)
> From: Damien Miller <djm at mindrot.org>
> Subject: Re: Status of SCP vulnerability
>   "Don't use scp with untrusted servers."

caught my eye.  Do you see any 'advantage' to using sftp with an untrusted
server?  If so, any thoughts about making an easy way to disable scp both
client and server side when doing an installation?

Why on the server side?  To get folks used to -not- using scp.

Thanks in advance!
  Chris High.

More information about the openssh-unix-dev mailing list