Deprecation of scp protocol and improving sftp client

raf ssh at raf.org
Tue Aug 4 09:13:17 AEST 2020


On Mon, Aug 03, 2020 at 05:06:35PM +0000, "Blumenthal, Uri - 0553 - MITLL" <uri at ll.mit.edu> wrote:

> I hear you - but it seems that the choice is between (a) limiting
> "scp" functionality to address the security vulnerability, and (b)
> killing "scp" altogether.
> 
> I'd much prefer (a), even if it means I lose "scp remotehost:foo\* .". 
> 
> Especially, since (almost always) I have equal privileges on both
> local and remote hosts, so in that case I just originate that "scp"
> from that remote. ;-)
> 
> TNX

If you have equal privileges on both hosts, this isn't
a vulnerability. It's only a vulnerability in cases
where you have scp access to the remote host but you
are not supposed to have general ssh access (i.e. shell
access).

In such cases, this vulnerability can be mitigated by
the use of an ssh-specific command whitelisting control
such as:

  github.com/raforg/sshdo (auto learn/unlearn policy, exact cmds, no regex)
  github.com/daethnir/authprogs (manual policy, supports regex)

Disclaimer: I made sshdo so I'm biased. But if you
really think you need regex support and don't mind the
extra effort and the risk, authprogs will solve the
problem too. But I'd recommend reading the sshdo FAQ
before choosing.

cheers,
raf
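As an added illustration of the kind of "ssh-specific command whitelisting control" named above (example code written for this page, not code from sshdo, authprogs or OpenSSH): a small exact-match allowlist run as an OpenSSH forced command. OpenSSH runs the `command="..."` from `authorized_keys` instead of whatever the client requested and hands the client's original request over in `SSH_ORIGINAL_COMMAND`; this script grants the request only if it equals, character for character, one line of an admin-written policy, which is the same no-glob, no-regex matching that sshdo uses. The policy lines, the install path `/usr/local/bin/allowed-cmd`, the log tag and the exit code 77 are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not sshdo, authprogs or OpenSSH code): an exact-match
# command allowlist run as an SSH forced command. The assumed key line in
# ~/.ssh/authorized_keys would look like this (key material is a placeholder):
#   command="/usr/local/bin/allowed-cmd",no-pty,no-port-forwarding ssh-ed25519 AAAA...PLACEHOLDER
# sshd runs the forced command instead of what the client asked for and
# passes the client's original request in $SSH_ORIGINAL_COMMAND.

# Constructed policy: one permitted command per line, compared literally.
# No globbing and no regex, so "scp -f /srv/reports/*" or a permitted
# command with anything appended to it does not match.
ALLOWED_POLICY='scp -f /srv/reports/daily.txt
scp -t /srv/uploads/
rsync --server --sender -e.Lsf . /srv/reports/'

# is_allowed CMD: succeed only if CMD equals one whole line of the policy.
is_allowed() {
    printf '%s\n' "$ALLOWED_POLICY" | grep -Fxq -- "$1"
}

# decide CMD: print "allow" or "deny" and return 0 (allow) or 1 (deny).
# An empty request means the client asked for an interactive shell, which
# is exactly what an scp-only account must never get, so it is denied too.
decide() {
    if [ -n "$1" ] && is_allowed "$1"; then
        echo allow
        return 0
    fi
    echo deny
    return 1
}

# Enforce only when actually running under sshd (sshd sets SSH_CONNECTION
# for every session); loading the file elsewhere just defines the functions.
if [ -n "${SSH_CONNECTION:-}" ]; then
    request=${SSH_ORIGINAL_COMMAND:-}
    if decide "$request" >/dev/null; then
        logger -t allowed-cmd "allow user=$(id -un) cmd=$request"
        # The string matched an admin-written line exactly, so running it
        # through the shell executes the admin's command, not the client's.
        exec /bin/sh -c "$request"
    fi
    logger -t allowed-cmd "deny user=$(id -un) cmd=$request"
    echo "command not permitted" >&2
    exit 77
fi
```

Every allow and deny decision is logged, so a denied request from an account that is only supposed to copy files is visible to whoever reads the host's auth logs; that is the "scp access but no shell access" case the post describes, and the one where the whitelist is doing real work.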


