Deprecation of scp protocol and improving sftp client

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Tue Aug 4 03:27:02 AEST 2020


On 8/3/20, 13:18, "Thorsten Glaser" <t.glaser at tarent.de> wrote:
    On Mon, 3 Aug 2020, Blumenthal, Uri - 0553 - MITLL wrote:

    >> I'd much prefer (a), even if it means I lose "scp remotehost:foo\* .". 
    >
    > That would be the same as killing scp…

Definitely not for me - and I'm pretty sure there are others in the same boat/position. So, again - the choice is between "killing scp" for some, and killing it for everybody. And I'd much prefer that we don't enforce "misery spreading" to cover everybody,

    >> Especially, since (almost always) I have equal privileges on both
    >> local and remote hosts, so in that case I just originate that "scp"
    >> from that remote. ;-)
    >
    > There’s privileges, and there’s network (NAT gateways or
    > firewalls in between)…

True. That's a good point. My use case doesn't include/involve crossing firewalls. I think there's enough users on either side of this issue (those who need "scp" mostly/only within the cluster/domain, and those who use "scp" across NAT and/or firewall(s)). I'd say that there are greater security risks for the "firewall-crossing" users, so they should worry about potential vulnerabilities/exploits more.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20200803/b1e0166c/attachment.p7s>


More information about the openssh-unix-dev mailing list