Hi,

On Thu, Jan 24, 2019 at 08:26:39PM +0000, Colin Watson wrote:
> On Thu, Jan 24, 2019 at 12:00:48PM -0800, Jim Knoble wrote:
> > 3. 'scp' stays, but becomes the CLI for SFTP, and the SCP protocol breaks.
>
> Why does "scp becomes the CLI for SFTP" necessitate "the SCP protocol
> breaks"?

The way scp works today is "run ssh to the remote, then invoke scp with
a few extra options".

So if "the program named scp" will no longer provide the server side
functionality, it would break *older* scp clients trying to talk
"scp-the-old-protocol" to *newer* ssh installations.

Now, of course, the "scp-that-does-sftp" binary could have an understanding
for the old scp-server-side options... but that sounds like a maintenance
annoyance.

gert
-- 
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at greenie.muc.de

On Thu, Jan 24, 2019 at 09:33:09PM +0100, Gert Doering wrote:
> On Thu, Jan 24, 2019 at 08:26:39PM +0000, Colin Watson wrote:
> > Why does "scp becomes the CLI for SFTP" necessitate "the SCP protocol
> > breaks"?
>
> The way scp works today is "run ssh to the remote, then invoke scp with
> a few extra options".

As I noted in
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037479.html,
the protocol involves passing -f or -t options as appropriate, so it's
perfectly straightforward for the client to speak SFTP while preserving
the existing server protocol.

-- 
Colin Watson                                       [cjwatson at debian.org]

On Fri, Jan 25, 2019 at 12:23:16AM +0000, Colin Watson wrote:
> As I noted in
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037479.html,
> the protocol involves passing -f or -t options as appropriate, so it's
> perfectly straightforward for the client to speak SFTP while preserving
> the existing server protocol.

potentially even exec'ing a different binary (scp-server or whatever) so
the bulk of the code lives elsewhere, and is easy to remove (and audit the
removal) if desired.