On Wed, Jan 23, 2019 at 2:18 PM Michael Stone <mstone@xxxxxxxxxxxxx> wrote: > > On Wed, Jan 23, 2019 at 12:35:13PM -0600, Ben Lindstrom wrote: > >But the only way to drag scp into this century is pretty much a scp2 > >style interface. > > This. The openssh devs have been complaining for almost 20 years that > people should just use sftp, ignoring the fact that command line users > hate the interface. If the first 17 years of telling people that the > new interface is better didn't do it, it's unlikely that they'll be > convinced this year. (Wow, it doesn't seem like that long until you > write it out.) > > Another alternative is to just use rsync in place of scp, but that does > still require retraining muscle memory and requires installation of > additional software. Or distinct software. As much extra work as it took, I got fond of using the old "rssh" toolkit, which worked well though it relied on the maintainer building a chroot cage to run it in effectively. It's been unmaintained for years, which made me nervous, but included hooks for putting rsync and other tools in a chroot cage. I know some of our fearless leaders loathe chroot cages, but if you *have* to run a service like rsync or scp, it's better than nothing. My chroot building tools are at https://github.com/nkadel/rssh-chroot-tools, and rssh is over at http://www.pizzashack.org/rssh/faq.shtml . Neither has been maintained in years. If someone with more time and expertise wants to do a security of rssh as software rather than its philosophy, I'd really appreciate it. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev