scp: now using SFTP protocol by default


Damien Miller

Sep 8, 2021, 10:55:41 PM
to openssh-...@mindrot.org
FYI: the next release will have scp using the SFTP protocol by
default.

There are two known incompatibilities:

Use of the SFTP protocol avoids interpretation of remote paths by
the shell. We consider this a feature, but it does change (simplify
really) necessary quoting of shell characters.

Remote paths with a ~user/ prefix require a SFTP protocol extension
that was included in OpenSSH 8.7's sftp-server.

The original scp/rcp protocol remains available via "scp -O ..."

If you're in a position to test snapshots/git prior to release
(ETA October), then it would be appreciated.

-d

---------- Forwarded message ----------
Date: Thu, 9 Sep 2021 12:36:31
From: git+n...@mindrot.org
Reply-To: openssh-...@mindrot.org
To: openssh...@mindrot.org
Subject: [openssh-commits] [openssh] 01/01: upstream: Use the SFTP protocol by
default. The original scp/rcp

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 73050fa38fb36ae3326d768b574806352b97002d
Author: d...@openbsd.org <d...@openbsd.org>
Date: Wed Sep 8 23:31:39 2021 +0000

upstream: Use the SFTP protocol by default. The original scp/rcp

protocol remains available via the -O flag.

Note that ~user/ prefixed paths in SFTP mode require a protocol extension
that was first shipped in OpenSSH 8.7.

ok deraadt, after baking in snaps for a while without incident

OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c
---
scp.1 | 42 ++++++++++++++++++++++--------------------
scp.c | 6 +++---
2 files changed, 25 insertions(+), 23 deletions(-)

_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
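
An added example, not part of the original thread or of OpenSSH: a sketch that scans scripted scp command lines for the two incompatibilities named in the message above, remote paths that rely on remote-shell quoting and remote paths with a ~user/ prefix. The sample command lines, host names, reason labels and the simplified rule for recognising a remote operand are assumptions made for the illustration.

```python
import re
import shlex

TAKES_ARG = set("cFiJloPS")               # scp options that consume a value
SHELL_SPECIAL = set(" \t\\'\"$`;&|<>()")  # characters a remote shell would interpret
TILDE_USER = re.compile(r"~[^/]+/")       # ~user/ prefix, but not plain ~/

# Constructed sample command lines; hosts and paths are made up.
SAMPLE = [
    r'scp -P 2222 "backup:/srv/my\ files/report.txt" .',
    'scp -r build/ deploy@web1:~www/releases/',
    'scp -O "old:/data/a b.txt" .',
    'scp notes.txt web1:~/notes.txt',
]

def parse(argv):
    """Return (option letters, [(host, path), ...]) for an scp argv."""
    flags, operands, skip = "", [], False
    for word in argv[1:]:
        if skip:                            # value of the previous option
            skip = False
        elif word.startswith("-") and len(word) > 1:
            for i, ch in enumerate(word[1:], 1):
                flags += ch
                if ch in TAKES_ARG:         # rest of word, or next word, is its value
                    skip = i == len(word) - 1
                    break
        else:
            # Assumption: an operand is remote if a ':' precedes any '/'.
            host, sep, path = word.partition(":")
            if sep and "/" not in host:
                operands.append((host, path))
    return flags, operands

def audit(line):
    """List (host, path, reason) for operands affected by the SFTP default."""
    argv = shlex.split(line)                # approximates local shell word splitting
    if not argv or argv[0] != "scp":
        return []
    flags, operands = parse(argv)
    if "O" in flags:                        # -O keeps the original scp/rcp protocol
        return []
    findings = []
    for host, path in operands:
        if TILDE_USER.match(path):
            findings.append((host, path, "tilde-user"))
        if SHELL_SPECIAL & set(path):
            findings.append((host, path, "shell-quoting"))
    return findings
```
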

Dmitry Belyavskiy

Sep 16, 2021, 11:41:42 AM
to OpenSSH Devel List
Dear Damien,
Many thanks!

It's a change we are looking forward to.
I'd suggest adding one more minor change: an option to disable the SCP
protocol on a system level.
At least some of our customers sent us such a request.

https://github.com/openssh/openssh-portable/pull/271 is a possible way to
do it.
As the scp utility doesn't read the system configuration file, the flag looks
like the best feasible option.
--
Dmitry Belyavskiy

Damien Miller

Sep 19, 2021, 10:04:39 PM
to openssh-...@mindrot.org
On Thu, 9 Sep 2021, Damien Miller wrote:

> FYI: the next release will have scp using the SFTP protocol by
> default.
>
> There are two known incompatibilities:
>
> Use of the SFTP protocol avoids interpretation of remote paths by
> the shell. We consider this a feature, but it does change (simplify
> really) necessary quoting of shell characters.
>
> Remote paths with a ~user/ prefix require a SFTP protocol extension
> that was included in OpenSSH 8.7's sftp-server.
>
> The original scp/rcp protocol remains available via "scp -O ..."
>
> If you're in a position to test snapshots/git prior to release
> (ETA October), then it would be appreciated.

FYI, I'm rolling this back for the release that will happen in a few
days. We want to give people a bit more time to pick up the sftp-server
"expan...@openssh.com" extension to support ~user paths.

If you're an OpenSSH maintainer for an operating system distribution,
consider either updating your stable OpenSSH to the 8.8 release when
it ships or backporting the "expan...@openssh.com" extension to
your stable OpenSSH sftp-server. Attached are some patches to do this
for OpenSSH 8.2 and should be fairly easily adaptable to other
versions.

Removing this backwards-compatibility problem in popular distributions
will hasten the time when we can turn scp protocol off by default.

-d
0001-Cherrypick-extension-advertisment-code-6653c6120.patch
0002-Cherrypick-expand-path-openssh.com-ext-2ab864010.patch

Demi Marie Obenour

Sep 22, 2021, 5:49:06 AM
to openssh-...@mindrot.org
On 9/19/21 9:42 PM, Damien Miller wrote:
> On Thu, 9 Sep 2021, Damien Miller wrote:
>
>> FYI: the next release will have scp using the SFTP protocol by
>> default.
>>
>> There are two known incompatibilities:
>>
>> Use of the SFTP protocol avoids interpretation of remote paths by
>> the shell. We consider this a feature, but it does change (simplify
>> really) necessary quoting of shell characters.
>>
>> Remote paths with a ~user/ prefix require a SFTP protocol extension
>> that was included in OpenSSH 8.7's sftp-server.
>>
>> The original scp/rcp protocol remains available via "scp -O ..."
>>
>> If you're in a position to test snapshots/git prior to release
>> (ETA October), then it would be appreciated.
>
> FYI, I'm rolling this back for the release that will happen in a few
> days. We want to give people a bit more time to pick up the sftp-server
> "expan...@openssh.com" extension to support ~user paths.

Is it still possible to explicitly enable use of the SFTP protocol,
preferably in a way that causes old versions of scp (which don’t support
it) to fail?

Sincerely,

Demi Marie Obenour
she/her/hers

Damien Miller

Sep 22, 2021, 9:41:48 AM
to Demi Marie Obenour, openssh-...@mindrot.org
On Wed, 22 Sep 2021, Demi Marie Obenour wrote:

> > FYI, I'm rolling this back for the release that will happen in a few
> > days. We want to give people a bit more time to pick up the sftp-server
> > "expan...@openssh.com" extension to support ~user paths.
>
> Is it still possible to explicitly enable use of the SFTP protocol,
> preferably in a way that causes old versions of scp (which don’t support
> it) to fail?

"scp -s" will do this at present.

-d