scp, sftp, and special characters in filenames

Jochen Bern Jochen.Bern at
Wed Nov 6 20:21:02 AEDT 2019

On 11/04/2019 01:25 PM, Stuart Henderson wrote:
> I'm sure it's already been considered, but from a user perspective it
> would be very convenient if we could have essentially the command-line
> interface of scp(1) (with divergence for filename escaping) but using
> the SFTP protocol.

Agreed, but it essentially means to fix a server-side threat with
changes (that mainly happen) on the client side. In instances of
cross-organization data transfers with established multi-tenant servers,
that might not be a practical option.

On the other hand, if it were possible to set a server account's login
shell or ForceCommand to an "scpd", and thus completely cut out the
normal shell ...

(Yes, I'm aware that that'd likely entail re(?)implementing the entire
server-side wildcard expansion within that executable. Given that
different-OS shells' wildcard expansion is a known source of confusion,
that doesn't seem like the worst idea ever, though, if I may say so.)

Jochen Bern

Binect GmbH
Robert-Koch-Straße 9
64331 Weiterstadt

More information about the openssh-unix-dev mailing list