On Thu, 2019-01-24 at 12:27 -0600, Ben Lindstrom wrote:
> I know it isn't a "UI replacement" but it at least provides a more
> complete UI for phasing people off of scp.

I don't think this is an ideal solution...

OpenSSH should be "overall" secure (that's what it's meant for), and especially not be a collection of tools/algos/etc. of which some(!) are safe to use and others not (with the user having to know which).
This is why upstream took the wise decision to eventually drop things like SSHv1 support and remove others (questionable algos) from being used by default.

So with respect to scp (the tool) I see only the following reasonable ways:
- make it securely usable with the SCP protocol (and IMO this should mean the general assumption that a remote server might be hostile)
- let it use another protocol with which it can be made secure, at the same time disabling the "accidental" use of an unsafe SCP protocol, e.g. by moving all that in another client tool like not-so-scp ;-) or by having a switch like --use-legacy-not-so-secure-scp-protocol (names are subject to debate :D)
- tossing scp altogether (of course, one could still try to fix the legacy SCP protocol as much as possible)

Since it (scp) is used in probably millions of places in scripts and by users completely unaware of these issues, there should be really a hard break if it cannot be secured, cause these people assume it's secure.

Therefore I think it's not enough to just provide a more convenient command line interface to sftp (as scp would be still there with issues) … and yes, I personally would really hate having to write that more character ;-)

If it's possible to just use SFTP behind scp,… great,… maybe that even allows for more features to come up in the future.

Cheers,
Chris.