Damien,

Reading the various articles about
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt has
caused me to question the wisdom of using scp. Your observation:

> Date: Tue, 22 Jan 2019 13:48:34 +1100 (AEDT)
> From: Damien Miller <djm at mindrot.org>
> Subject: Re: Status of SCP vulnerability
>
> "Don't use scp with untrusted servers."

caught my eye. Do you see any 'advantage' to using sftp with an untrusted
server? If so, any thoughts about making an easy way to disable scp both
client and server side when doing an installation?

Why on the server side? To get folks used to -not- using scp.

Thanks in advance!
Chris High.
On Wed, Jan 23, 2019 at 10:48 AM Chris High <highc at us.ibm.com> wrote:
>
> Damien,
>
> Reading the various articles about
> https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt has
> caused me to question the wisdom of using scp. Your observation:
>
> > Date: Tue, 22 Jan 2019 13:48:34 +1100 (AEDT)
> > From: Damien Miller <djm at mindrot.org>
> > Subject: Re: Status of SCP vulnerability
> >
> > "Don't use scp with untrusted servers."
>
> caught my eye. Do you see any 'advantage' to using sftp with an untrusted
> server? If so, any thoughts about making an easy way to disable scp both
> client and server side when doing an installation?
>
> Why on the server side? To get folks used to -not- using scp.

The semi-chroot nature of sftp helps the server side vulnerabilities, which
could in a bad case be used to rootkit or otherwise put in all sorts of nasty
things that could leave shared data at risk.
Quoting Chris High <highc at us.ibm.com>:

> caught my eye. Do you see any 'advantage' to using sftp with an untrusted
> server? If so, any thoughts about making an easy way to disable scp both
> client and server side when doing an installation?

SFTP allows file resume, while scp does not. If this isn't the case, I'm
welcome to be corrected.

scp's command line interface is intuitive and reasonably sensible, especially
as a follow-on to ncftp/friends like interfaces, a la local->remote/remote->local.

Problem is, scp doesn't let you resume interrupted up/downloads. So we have
to use the nasty/non-CLI-friendly sftp thing, which doesn't (seem) to support
fairly straightforward mechanisms (user@hostname:/file/pathname/object <->
local object sort of stuff).

There are too many arbitrary "issues" between the sftp/scp/ftps
implementations to sort for end-users for them to pick outside of which one
"gets the job done".

I wish there was a way for either sftp to get scp-like interfaces, or scp to
get all of the functionality of sftp, so the 'other' can die the ignominious
death it deserves.

=R=
On Jan 24 03:47, Malcolm wrote:
> Quoting Chris High <highc at us.ibm.com>:
>
> > caught my eye. Do you see any 'advantage' to using sftp with an untrusted
> > server? If so, any thoughts about making an easy way to disable scp both
> > client and server side when doing an installation?
>
> SFTP allows file resume, while scp does not. If this isn't the case, I'm
> welcome to be corrected.
>
> scp's command line interface is intuitive and reasonably sensible, especially
> as a follow-on to ncftp/friends like interfaces, a la local->remote/remote->local.
>
> Problem is, scp doesn't let you resume interrupted up/downloads. So we have
> to use the nasty/non-CLI-friendly sftp thing, which doesn't (seem) to support
> fairly straightforward mechanisms (user@hostname:/file/pathname/object <->
> local object sort of stuff).
>
> There are too many arbitrary "issues" between the sftp/scp/ftps
> implementations to sort for end-users for them to pick outside of which one
> "gets the job done".
>
> I wish there was a way for either sftp to get scp-like interfaces, or scp to
> get all of the functionality of sftp, so the 'other' can die the ignominious
> death it deserves.

What's missing in sftp is a drop in replacement mode for copying to the
remote server, i.e. this should work out of the box:

  $ sftp -rp local_dir server:path

But, alas:

  ssh: Could not resolve hostname local_dir: Name or service not known

If sftp had this mode, I would alias scp=sftp and be done with it.

Corinna

--
Corinna Vinschen
Cygwin Maintainer
Red Hat
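Corinna's message above wants `sftp -rp local_dir server:path` to work out of the box, and Malcolm's earlier message wants scp's `user@host:path` spelling together with sftp's resume. As an added example, not OpenSSH code and not from anyone in the thread, here is a small POSIX sh wrapper that accepts the scp-style command line and turns it into an `sftp -b -` batch run, so the familiar scp habits can be kept while the bytes move through the sftp client. It assumes only the two shapes discussed (local sources to one remote destination, or one remote source to a local destination), paths without whitespace, and it accepts `-a` as a non-scp extension mapped onto sftp's resume flag; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example, not OpenSSH code: translate
#     scp [-r] [-p] SRC... [user@]host:PATH      (upload)
#     scp [-r] [-p] [user@]host:PATH DEST        (download)
# into an "sftp -b -" batch-mode run.  Assumptions: only these two shapes are
# handled (no remote-to-remote copies), paths contain no whitespace, and -a is
# accepted as a non-scp extension for sftp's put/get resume flag.

nl='
'

# is_remote SPEC: true when SPEC is [user@]host:path, i.e. a ':' appears
# before any '/' (the same rule scp uses to decide which side is remote).
is_remote() {
    case "$1" in *:*) ;; *) return 1 ;; esac      # no colon at all: local
    case "${1%%:*}" in */*) return 1 ;; esac       # colon after a slash: local
    return 0
}

# scp2sftp_plan [scp options] SRC... DEST
# Sets SFTP_CMD (the sftp command line) and SFTP_BATCH (the commands to feed
# it on stdin).  Returns 2 for an argument shape it does not handle.
scp2sftp_plan() {
    flags=""; SFTP_CMD=""; SFTP_BATCH=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -r|-p) flags="$flags $1" ;;   # same letters on sftp's put/get
            -a)    flags="$flags $1" ;;   # resume; scp itself has no equivalent
            -*)    echo "scp2sftp: option $1 not handled" >&2; return 2 ;;
            *)     break ;;
        esac
        shift
    done
    [ $# -ge 2 ] || { echo "scp2sftp: need SRC... and DEST" >&2; return 2; }
    dest=""; for a in "$@"; do dest="$a"; done

    if is_remote "$dest"; then
        # Upload: every remaining argument must be a local source.
        host="${dest%%:*}"; rpath="${dest#*:}"
        while [ $# -gt 1 ]; do
            if is_remote "$1"; then
                echo "scp2sftp: remote-to-remote copies are not handled" >&2
                return 2
            fi
            line="put$flags $1"
            # "host:" with an empty path means the login directory, which is
            # where sftp's put lands when no remote path is given.
            if [ -n "$rpath" ]; then line="$line $rpath"; fi
            SFTP_BATCH="${SFTP_BATCH:+$SFTP_BATCH$nl}$line"
            shift
        done
    else
        # Download: exactly one remote source to a local destination.
        if [ $# -ne 2 ] || ! is_remote "$1"; then
            echo "scp2sftp: expected one [user@]host:path source and a local DEST" >&2
            return 2
        fi
        host="${1%%:*}"; rpath="${1#*:}"
        SFTP_BATCH="get$flags ${rpath:-.} $dest"
    fi
    SFTP_CMD="sftp -b - $host"
    return 0
}

# scp2sftp: run the plan.  "sftp -b" reads the batch from stdin when given "-"
# and needs non-interactive (e.g. public-key) authentication.
scp2sftp() {
    scp2sftp_plan "$@" || return $?
    printf '%s\n' "$SFTP_BATCH" | $SFTP_CMD
}

# Demo with constructed arguments: print the plan instead of connecting anywhere.
scp2sftp_plan -r -p local_dir server:path && printf '%s\n%s\n' "$SFTP_CMD" "$SFTP_BATCH"
```

Because `sftp -b` refuses to prompt, the wrapper is a drop-in only where key-based login is already set up, and a missing key fails loudly rather than hanging on a password prompt. On the defensive side, the upload direction never involves server-chosen names at all, and for a plain download the sftp client requests the path it was given instead of accepting whatever file names the server sends, which is the class of problem the linked advisory describes for the scp client.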