Status of SCP vulnerability
Michael Stone
mstone at cs.loyola.edu
Thu Jan 24 09:09:39 AEDT 2019
On Wed, Jan 23, 2019 at 09:58:51PM +0100, Christoph Anton Mitterer wrote:
>Either such scp would silently fall back to the "old" scp protocol, if
>it talks to an "old" server... (in which case the whole thing doesn't
>make any sense).
>
>Or compatibility would be broken.
I don't think there's an openssh server that a current default
configuration can actually talk to that *wouldn't* have included an sftp
on the server side--so a client with an scp interface and an sftp
backend shouldn't have many compatibility issues.
More information about the openssh-unix-dev
mailing list