I worked on a proposal like this a few years back (including proof of concept code). I taught sftp to have an scp personality (closer to scp2 than scp), and it was rejected by the higher ups. It may have been the dual-personality issue, but I know the scp2 concept was also rejected at the time as it was stated there should be one transfer tool.

But the only way to drag scp into this century is pretty much a scp2 style interface. As mimicking all the stupidity of shell escape handling for wildcard matching while using sftp protocol is asking for brokenness in strange ways. This is why scp2 was created by SSH Corp.

Ben

Colin Watson wrote on 1/23/19 12:00 PM:
> On Wed, Jan 23, 2019 at 06:29:29PM +0100, Christoph Anton Mitterer wrote:
>> So isn't it possibly to fully fix scp?
> IMO a complete fix should involve converting scp to use the SFTP
> protocol under the hood. PuTTY's pscp takes this approach. I started
> working on a similar patch to OpenSSH some years ago but never got
> around to finishing it.
>
> (Yes, a traditional scp client invokes scp on the server as part of its
> protocol; but it passes special -f or -t options when it does so, so
> that doesn't preclude having scp speak the SFTP protocol when invoked in
> the ordinary way.)
>

On Wed, Jan 23, 2019 at 12:35:13PM -0600, Ben Lindstrom wrote:
>But the only way to drag scp into this century is pretty much a scp2
>style interface.

This. The openssh devs have been complaining for almost 20 years that people should just use sftp, ignoring the fact that command line users hate the interface. If the first 17 years of telling people that the new interface is better didn't do it, it's unlikely that they'll be convinced this year. (Wow, it doesn't seem like that long until you write it out.)

Another alternative is to just use rsync in place of scp, but that does still require retraining muscle memory and requires installation of additional software.

On 2019/01/23 14:13, Michael Stone wrote:
> On Wed, Jan 23, 2019 at 12:35:13PM -0600, Ben Lindstrom wrote:
> > But the only way to drag scp into this century is pretty much a scp2
> > style interface.
>
> This. The openssh devs have been complaining for almost 20 years that people
> should just use sftp, ignoring the fact that command line users hate the
> interface. If the first 17 years of telling people that the new interface is
> better didn't do it, it's unlikely that they'll be convinced this year.

remote->local copies in many common cases work just fine with s/scp/sftp. local->remote not so much - allowing "sftp localfile host:/path/" would go a long way towards making it easier for command line users to switch.

On Wed, Jan 23, 2019 at 2:18 PM Michael Stone <mstone at cs.loyola.edu> wrote:
>
> On Wed, Jan 23, 2019 at 12:35:13PM -0600, Ben Lindstrom wrote:
> >But the only way to drag scp into this century is pretty much a scp2
> >style interface.
>
> This. The openssh devs have been complaining for almost 20 years that
> people should just use sftp, ignoring the fact that command line users
> hate the interface. If the first 17 years of telling people that the
> new interface is better didn't do it, it's unlikely that they'll be
> convinced this year. (Wow, it doesn't seem like that long until you
> write it out.)
>
> Another alternative is to just use rsync in place of scp, but that does
> still require retraining muscle memory and requires installation of
> additional software.

Or distinct software. As much extra work as it took, I got fond of using the old "rssh" toolkit, which worked well though it relied on the maintainer building a chroot cage to run it in effectively. It's been unmaintained for years, which made me nervous, but included hooks for putting rsync and other tools in a chroot cage.

I know some of our fearless leaders loathe chroot cages, but if you *have* to run a service like rsync or scp, it's better than nothing. My chroot building tools are at https://github.com/nkadel/rssh-chroot-tools, and rssh is over at http://www.pizzashack.org/rssh/faq.shtml . Neither has been maintained in years. If someone with more time and expertise wants to do a security of rssh as software rather than its philosophy, I'd really appreciate it.