Status of SCP vulnerability

Michael Stone mstone at cs.loyola.edu
Thu Jan 24 09:09:39 AEDT 2019


On Wed, Jan 23, 2019 at 09:58:51PM +0100, Christoph Anton Mitterer wrote:
>Either such scp would silently fall back to the "old" scp protocol, if
>it talks to an "old" server... (in which case the whole thing doesn't
>make any sense).
>
>Or compatibility would be broken.

I don't think there's an openssh server that a current default
configuration can actually talk to that *wouldn't* have included an sftp 
on the server side--so a client with an scp interface and an sftp 
backend shouldn't have many compatibility issues.


More information about the openssh-unix-dev mailing list