On 2020/08/05 16:17, raf wrote: > The problem is when, for example, you only have > scp/sftp access to a remote server, such as your bank, > and you use WinSCP to transfer transaction files to > them to be actioned (people do this where I work), and > the bank hasn't properly protected themselves from this > "vulnerability". I really hope all banks do take this > vulnerability into account (e.g. by just supporting > sftp). It matters a lot for them. But it's an issue for > the bank / remote server, not an issue for the user who > doesn't and shouldn't need to know anything about this > (in the banking case). It matters for the user too. They need to know whether to use an sftp or an scp client, and if it's sftp then some things they may want to do (copying a file *to* a remote server) need a complicated method if using openssh's sftp client (echo "put foo" | sftp -f - hostname). _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev