Transferring file to local machine when SSHing into a foreign box
Peter Stuge
peter at stuge.se
Mon May 14 23:02:52 EST 2012

Dotan Cohen wrote:
> I understand that you feel that allowing the remote server to write
> (not execute) arbitrary files to the local machine is a security risk.

Correct. It's completely unacceptable in the general case.

> I also assume that you do not feel that scp being able to write
> arbitrary files to the local machine is not a security risk because it
> requires the explicit typing of a username and password, or better yet
> of a keypair. Please confirm or deny if my assumption is correct.

Incorrect. What you clearly do not understand is that scp being
invoked is an explicit action taken on the client, whereas something
happening automatically on the client in response to something being
invoked on the server is quite different.

//Peter
    
    