Deprecation of scp protocol and improving sftp client

raf ssh at raf.org
Tue Aug 4 09:20:30 AEST 2020


On Mon, Aug 03, 2020 at 08:34:04PM +0200, Christoph Anton Mitterer <calestyo at scientia.net> wrote:

> On Mon, 2020-08-03 at 19:17 +0200, Thorsten Glaser wrote:
> > That would be the same as killing scp…
> 
> Better that... than having an inherently insecure scp... or at least
> make it absolutely clear and rename it to i[nsecure]scp.

But it's not inherently insecure. For most cases, or at
least for the default case, where the users of scp are
also allowed to use ssh, this is not a vulnerability.
It only becomes insecure when general ssh access is not
allowed but scp access is.

> If the core functionality of a program (which is here probably the
> "secure") is no longer given, then it's IMO better to rather cause
> breakage (at least for old clients), than to keep going.

The core functionality is the encrypted transfer of
files. That is still there.

> Cheers,
> Chris.

cheers,
raf



More information about the openssh-unix-dev mailing list