Deprecation of scp protocol and improving sftp client
rapier
rapier at psc.edu
Tue Aug 11 03:33:16 AEST 2020
On 8/5/20 1:23 AM, Ethan Rahn wrote:
> It seems that there are a few camps here:
>
> * The scp power users - this camp believes that scp supporting backtick
> notation is fine and that running arbitrary commands is a perfectly fine
> thing to do.
> * The restricted shell users - this camp believes that scp supporting
> backtick may not be the best, and there are various restricted shells which
> can prevent this. Power users may belong to this camp.
> * The novice users - this camp is surprised to find that scp can be used to
> run commands. Once they understand that the server runs "scp -t" it makes a
> little more sense.
Sorry to come into this late but there is a very large camp that simply
doesn't care. They use scp because they have to in order to transfer
files due to requirements placed on them by admins. They aren't
concerned about security nearly as much as they just want to get their
files from A to B so they can do their work. For these people scp is the
default because that's what all the instructions and examples are based
on. It's a big part of the reason why I developed hpn-ssh. We couldn't
get the users to change their behaviour and they kept complaining about
slow transfers.
In short - for a whole lot of users scp is just a component of their
workflow. They don't really think about it unless it's causing problems.
So I'm all for getting rid of scp as long as you can get sftp to work in
exactly the same way. Then you just get replace scp with a symlink to
sftp. Which is far easier said than done.
More information about the openssh-unix-dev
mailing list