Deprecation of scp protocol and improving sftp client
raf
ssh at raf.org
Tue Aug 4 09:20:30 AEST 2020
On Mon, Aug 03, 2020 at 08:34:04PM +0200, Christoph Anton Mitterer <calestyo at scientia.net> wrote:
> On Mon, 2020-08-03 at 19:17 +0200, Thorsten Glaser wrote:
> > That would be the same as killing scp…
>
> Better that... than having an inherently insecure scp... or at least
> make it absolutely clear and rename it to i[nsecure]scp.
But it's not inherently insecure. For most cases, or at
least for the default case, where the users of scp are
also allowed to use ssh, this is not a vulnerability.
It only becomes insecure when general ssh access is not
allowed but scp access is.
> If the core functionality of a program (which is here probably the
> "secure") is no longer given, then it's IMO better to rather cause
> breakage (at least for old clients), than to keep going.
The core functionality is the encrypted transfer of
files. That is still there.
> Cheers,
> Chris.
cheers,
raf
More information about the openssh-unix-dev
mailing list