[Bug 982] scp doesn't work with password authentication when copying from remote to remote

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Apr 16 11:13:38 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=982


djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Comment #3 from djm at mindrot.org  2006-04-16 11:13 -------
After thinking about this some more, there is a good reason why this patch
should not go in: when you perform a copy "scp host_a:file host_b" with this
patch, you must expose your password on "host_a" rather than the local host. 

You may not trust "host_a" with your "host_b" password (e.g. someone making a
trojan scp binary there could easily collect passwords without your knowledge),
and it isn't obvious to someone without a good knowledge of how this actually
works that they are actually entering a password on a non-local system. 

Adding a warning is probably not practical because the host that initiates a
remote to remote copy doesn't know what authentication mechanisms will be
needed.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list