Deprecation of scp protocol and improving sftp client
raf
ssh at raf.org
Wed Aug 5 08:37:33 AEST 2020
On Tue, Aug 04, 2020 at 01:29:52AM +0200, Thorsten Glaser <t.glaser at tarent.de> wrote:
> On Tue, 4 Aug 2020, raf wrote:
>
> > In such cases, this vulnerability can be mitigated by
> > the use of an ssh-specific command whitelisting control
> > such as:
>
> Probably just as easy: give the user a restricted shell
> (/bin/rmksh) as shell and set their PATH etc. suitably,
> to not include any other commands.
>
> bye,
> //mirabilos
> PS: Full disclosure: I’m the mksh developer
I've thought of a valid use for this kind of behaviour
that someone might actually be relying on. :-)
scp sourcefile remoteserver:'`[ -d /a/b/c ] || mkdir -p /a/b/c`/a/b/c/targetfile'
(i.e. ensure that the destination directory exists before writing the file to it)
cheers,
raf
More information about the openssh-unix-dev
mailing list