Deprecation of scp protocol and improving sftp client

Stuart Henderson stu at spacehopper.org
Wed Aug 5 17:33:35 AEST 2020


On 2020/08/05 16:17, raf wrote:
> The problem is when, for example, you only have
> scp/sftp access to a remote server, such as your bank,
> and you use WinSCP to transfer transaction files to
> them to be actioned (people do this where I work), and
> the bank hasn't properly protected themselves from this
> "vulnerability". I really hope all banks do take this
> vulnerability into account (e.g. by just supporting
> sftp). It matters a lot for them. But it's an issue for
> the bank / remote server, not an issue for the user who
> doesn't and shouldn't need to know anything about this
> (in the banking case).

It matters for the user too. They need to know whether to use an sftp
or an scp client, and if it's sftp then some things they may want to do
(copying a file *to* a remote server) need a complicated method if using
openssh's sftp client (echo "put foo" | sftp -f - hostname).



More information about the openssh-unix-dev mailing list