On 11/04/2019 01:25 PM, Stuart Henderson wrote: > I'm sure it's already been considered, but from a user perspective it > would be very convenient if we could have essentially the command-line > interface of scp(1) (with divergence for filename escaping) but using > the SFTP protocol. Agreed, but it essentially means to fix a server-side threat with changes (that mainly happen) on the client side. In instances of cross-organization data transfers with established multi-tenant servers, that might not be a practical option. On the other hand, if it were possible to set a server account's login shell or ForceCommand to an "scpd", and thus completely cut out the normal shell ... (Yes, I'm aware that that'd likely entail re(?)implementing the entire server-side wildcard expansion within that executable. Given that different-OS shells' wildcard expansion is a known source of confusion, that doesn't seem like the worst idea ever, though, if I may say so.) Regards, -- Jochen Bern Systemingenieur Binect GmbH Robert-Koch-Straße 9 64331 Weiterstadt _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
