Re: Status of SCP vulnerability

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, Jan 23, 2019 at 06:29:29PM +0100, Christoph Anton Mitterer wrote:
> So isn't it possibly to fully fix scp?

IMO a complete fix should involve converting scp to use the SFTP
protocol under the hood.  PuTTY's pscp takes this approach.  I started
working on a similar patch to OpenSSH some years ago but never got
around to finishing it.

(Yes, a traditional scp client invokes scp on the server as part of its
protocol; but it passes special -f or -t options when it does so, so
that doesn't preclude having scp speak the SFTP protocol when invoked in
the ordinary way.)

-- 
Colin Watson                                       [cjwatson@xxxxxxxxxx]
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux