Status of SCP vulnerability
Michael Stone
mstone at cs.loyola.edu
Thu Jan 24 06:13:27 AEDT 2019
On Wed, Jan 23, 2019 at 12:35:13PM -0600, Ben Lindstrom wrote:
>But the only way to drag scp into this century is pretty much a scp2
>style interface.
This. The openssh devs have been complaining for almost 20 years that
people should just use sftp, ignoring the fact that command line users
hate the interface. If the first 17 years of telling people that the
new interface is better didn't do it, it's unlikely that they'll be
convinced this year. (Wow, it doesn't seem like that long until you
write it out.)
Another alternative is to just use rsync in place of scp, but that does
still require retraining muscle memory and requires installation of
additional software.
More information about the openssh-unix-dev
mailing list