Re: Deprecation of scp protocol and improving sftp client

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



It seems to me that the "exploit" of

scp  /sourcefile remoteserver:'`touch /tmp/exploit.sh`/targetfile'

can be simplified to

ssh remoteservertouch /tmp/exploit.sh

Or are we talking about using ssh in conjunction with some third-party tool like "rssh", which claims to be able to grant scp access without shell access?  If ssh itself has never claimed that was possible, then maybe rssh should stop claiming that it is.

FWIW, I consider scp as a convenient shortcut for "ssh cat". Indeed, I sometimes find myself transferring files which are multiple hops away exactly like that:

ssh foo ssh bar cat baz >baz

If I want to transfer files to or from untrusted machines, or to offer file transfer access without shell access, then that is what sftp is for.

Regards,

Brian.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux