It seems to me that the "exploit" of
scp /sourcefile remoteserver:'`touch /tmp/exploit.sh`/targetfile'
can be simplified to
ssh remoteservertouch /tmp/exploit.sh
Or are we talking about using ssh in conjunction with some third-party
tool like "rssh", which claims to be able to grant scp access without
shell access? If ssh itself has never claimed that was possible, then
maybe rssh should stop claiming that it is.
FWIW, I consider scp as a convenient shortcut for "ssh cat". Indeed, I
sometimes find myself transferring files which are multiple hops away
exactly like that:
ssh foo ssh bar cat baz >baz
If I want to transfer files to or from untrusted machines, or to offer
file transfer access without shell access, then that is what sftp is for.
Regards,
Brian.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev