Deprecation of scp protocol and improving sftp client

raf ssh at
Wed Aug 5 08:37:33 AEST 2020

On Tue, Aug 04, 2020 at 01:29:52AM +0200, Thorsten Glaser <t.glaser at> wrote:

> On Tue, 4 Aug 2020, raf wrote:
> > In such cases, this vulnerability can be mitigated by
> > the use of an ssh-specific command whitelisting control
> > such as:
> Probably just as easy: give the user a restricted shell
> (/bin/rmksh) as shell and set their PATH etc. suitably,
> to not include any other commands.
> bye,
> //mirabilos
> PS: Full disclosure: I’m the mksh developer

I've thought of a valid use for this kind of behaviour
that someone might actually be relying on. :-)

  scp sourcefile remoteserver:'`[ -d /a/b/c ] || mkdir -p /a/b/c`/a/b/c/targetfile'

(i.e. ensure that the destination directory exists before writing the file to it)


More information about the openssh-unix-dev mailing list