On Fri, Aug 4, 2017 at 1:37 PM, Jon Earle <earlej@xxxxxxxxxxx> wrote: > Hey, > > So, I would be looking at type A. Forgive me if my understanding of how > OpenSSH operates is not reflective of reality. I am assuming that, the file > transfer is happening somewhat logically, with a name being known, content > written, blah blah. > > From reading scp.c, it appears that, the client end at least knows the > file name so I must assume the server end must be given it. > scp merely uses ssh as an 8-bit-clean transport, your copy is two cooperating scp processes (the remote one having the '-t' flag as you noted). For your purposes you can ignore ssh/sshd and just focus on scp. In scp, the data and control messages are sent over stdin/stdout, anything on stderr on the remote end will get passed back to the client and shown on the client's terminal. A good description of the protocol, such as it is, is here: https://web.archive.org/web/20170215184048/https://blogs.oracle.com/janp/entry/how_the_scp_protocol_works There is no mechanism in the existing scp program to do filtering. You could modify your scp to do this; I'd suggest looking at the sink() function (look for "namebuf") but be aware that the entire thing dates back to 4.2BSD and it's not the prettiest code ever. Note the also "sink" will be used when copying onto a machine when scp is used as the client. Note that you need to ensure that your users cant create files any other way (sftp, tar, shell redirection...) otherwise the exercise will be pointless. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev