Re: Status of SCP vulnerability


 



On Wed, Jan 23, 2019 at 2:18 PM Michael Stone <mstone@xxxxxxxxxxxxx> wrote:
>
> On Wed, Jan 23, 2019 at 12:35:13PM -0600, Ben Lindstrom wrote:
> >But the only way to drag scp into this century is pretty much a scp2
> >style interface.
>
> This. The openssh devs have been complaining for almost 20 years that
> people should just use sftp, ignoring the fact that command line users
> hate the interface. If the first 17 years of telling people that the
> new interface is better didn't do it, it's unlikely that they'll be
> convinced this year. (Wow, it doesn't seem like that long until you
> write it out.)
>
> Another alternative is to just use rsync in place of scp, but that does
> still require retraining muscle memory and requires installation of
> additional software.

Or distinct software. As much extra work as it took, I got fond of
using the old "rssh" toolkit, which worked well though it relied on
the maintainer building a chroot cage to run it in effectively. It's
been unmaintained for years, which made me nervous, but included hooks
for putting rsync and other tools in a chroot cage. I know some of our
fearless leaders loathe chroot cages, but if you *have* to run a
service like rsync or scp, it's better than nothing. My chroot
building tools are at https://github.com/nkadel/rssh-chroot-tools, and
rssh is over at http://www.pizzashack.org/rssh/faq.shtml . Neither has
been maintained in years. If someone with more time and expertise
wants to do a security of rssh as software rather than its philosophy,
I'd really appreciate it.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


