Deprecation of scp protocol and improving sftp client
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Tue Aug 4 03:27:02 AEST 2020
On 8/3/20, 13:18, "Thorsten Glaser" <t.glaser at tarent.de> wrote:
On Mon, 3 Aug 2020, Blumenthal, Uri - 0553 - MITLL wrote:
>> I'd much prefer (a), even if it means I lose "scp remotehost:foo\* .".
>
> That would be the same as killing scp…
Definitely not for me - and I'm pretty sure there are others in the same boat/position. So, again - the choice is between "killing scp" for some, and killing it for everybody. And I'd much prefer that we don't enforce "misery spreading" to cover everybody,
>> Especially, since (almost always) I have equal privileges on both
>> local and remote hosts, so in that case I just originate that "scp"
>> from that remote. ;-)
>
> There’s privileges, and there’s network (NAT gateways or
> firewalls in between)…
True. That's a good point. My use case doesn't include/involve crossing firewalls. I think there's enough users on either side of this issue (those who need "scp" mostly/only within the cluster/domain, and those who use "scp" across NAT and/or firewall(s)). I'd say that there are greater security risks for the "firewall-crossing" users, so they should worry about potential vulnerabilities/exploits more.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20200803/b1e0166c/attachment.p7s>
More information about the openssh-unix-dev
mailing list