Status of SCP vulnerability
Colin Watson
cjwatson at debian.org
Thu Jan 24 05:00:09 AEDT 2019
On Wed, Jan 23, 2019 at 06:29:29PM +0100, Christoph Anton Mitterer wrote:
> So isn't it possibly to fully fix scp?
IMO a complete fix should involve converting scp to use the SFTP
protocol under the hood. PuTTY's pscp takes this approach. I started
working on a similar patch to OpenSSH some years ago but never got
around to finishing it.
(Yes, a traditional scp client invokes scp on the server as part of its
protocol; but it passes special -f or -t options when it does so, so
that doesn't preclude having scp speak the SFTP protocol when invoked in
the ordinary way.)
--
Colin Watson [cjwatson at debian.org]
More information about the openssh-unix-dev
mailing list