scp: now using SFTP protocol by default
FYI: the next release will have scp using the SFTP protocol by
default.

There are two known incompatibilities:

Use of the SFTP protocol avoids interpretation of remote paths by
the shell. We consider this a feature, but it does change (simplify
really) necessary quoting of shell characters.

Remote paths with a ~user/ prefix require a SFTP protocol extension
that was included in OpenSSH 8.7's sftp-server.

The original scp/rcp protocol remains available via "scp -O ..."

If you're in a position to test snapshots/git prior to release
(ETA October), then it would be appreciated.

-d

---------- Forwarded message ----------
Date: Thu, 9 Sep 2021 12:36:31
From: git+noreply@mindrot.org
Reply-To: openssh-unix-dev@mindrot.org
To: openssh-commits@mindrot.org
Subject: [openssh-commits] [openssh] 01/01: upstream: Use the SFTP protocol by
default. The original scp/rcp

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 73050fa38fb36ae3326d768b574806352b97002d
Author: djm@openbsd.org <djm@openbsd.org>
Date: Wed Sep 8 23:31:39 2021 +0000

upstream: Use the SFTP protocol by default. The original scp/rcp

protocol remains available via the -O flag.

Note that ~user/ prefixed paths in SFTP mode require a protocol extension
that was first shipped in OpenSSH 8.7.

ok deraadt, after baking in snaps for a while without incident

OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c
---
scp.1 | 42 ++++++++++++++++++++++--------------------
scp.c | 6 +++---
2 files changed, 25 insertions(+), 23 deletions(-)

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
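
The quoting change described in the announcement above, as an added example (not part of the original thread or of OpenSSH's code): a simplified local model in which the legacy protocol hands the path text to a shell and SFTP mode treats it as one literal string. The function names and the file name "my file.txt" are constructed for illustration; `sh` stands in for the remote login shell.

```python
import os
import shlex
import subprocess
import tempfile

def legacy_lookup(remote_arg, cwd):
    """Model of "scp -O": the path text is spliced into a command line that
    the remote shell parses (word splitting, quote removal)."""
    script = 'for f in ' + remote_arg + '; do [ -e "$f" ] && printf "%s\\n" "$f"; done'
    out = subprocess.run(["sh", "-c", script], cwd=cwd,
                         capture_output=True, text=True)
    return out.stdout.splitlines()

def sftp_lookup(remote_arg, cwd):
    """Model of SFTP mode: the path travels as a single string in a request;
    no shell parses it, so quote characters are part of the name."""
    return [remote_arg] if os.path.lexists(os.path.join(cwd, remote_arg)) else []

def remote_arg(path, legacy):
    """Spelling a script has to put after "host:" for each protocol."""
    return shlex.quote(path) if legacy else path

def demo():
    """Look up one file with a space in its name under all four combinations."""
    name = "my file.txt"  # constructed sample file name
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, name), "w").close()
        return {
            # Unquoted: the shell splits this into "my" and "file.txt".
            "legacy_unquoted": legacy_lookup(name, d),
            # Extra quoting layer for the remote shell: works with -O.
            "legacy_quoted": legacy_lookup(remote_arg(name, True), d),
            # SFTP mode: the plain name is enough.
            "sftp_plain": sftp_lookup(remote_arg(name, False), d),
            # Scripts that keep the legacy quoting fail in SFTP mode.
            "sftp_with_legacy_quoting": sftp_lookup(remote_arg(name, True), d),
        }

if __name__ == "__main__":
    for case, found in demo().items():
        print(case, found)
```

Scripts that add a second layer of quoting for the remote shell are the ones to audit before the default changes; the same call sites keep working unchanged if they pass "-O".
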
Re: scp: now using SFTP protocol by default
Dear Damien,
Many thanks!

It's a change we are looking forward to.
I'd suggest adding one more minor change: an option to disable the SCP
protocol on a system level.
At least some of our customers sent us such a request.

https://github.com/openssh/openssh-portable/pull/271 is a possible way to
do it.
As the scp utility doesn't read the system configuration file, the flag looks
like the best feasible option.


On Thu, Sep 9, 2021 at 4:54 AM Damien Miller <djm@mindrot.org> wrote:

> FYI: the next release will have scp using the SFTP protocol by
> default.
>
> There are two known incompatibilities:
>
> Use of the SFTP protocol avoids interpretation of remote paths by
> the shell. We consider this a feature, but it does change (simplify
> really) necessary quoting of shell characters.
>
> Remote paths with a ~user/ prefix require a SFTP protocol extension
> that was included in OpenSSH 8.7's sftp-server.
>
> The original scp/rcp protocol remains available via "scp -O ..."
>
> If you're in a position to test snapshots/git prior to release
> (ETA October), then it would be appreciated.
>
> -d
>
> ---------- Forwarded message ----------
> Date: Thu, 9 Sep 2021 12:36:31
> From: git+noreply@mindrot.org
> Reply-To: openssh-unix-dev@mindrot.org
> To: openssh-commits@mindrot.org
> Subject: [openssh-commits] [openssh] 01/01: upstream: Use the SFTP
> protocol by
> default. The original scp/rcp
>
> This is an automated email from the git hooks/post-receive script.
>
> djm pushed a commit to branch master
> in repository openssh.
>
> commit 73050fa38fb36ae3326d768b574806352b97002d
> Author: djm@openbsd.org <djm@openbsd.org>
> Date: Wed Sep 8 23:31:39 2021 +0000
>
> upstream: Use the SFTP protocol by default. The original scp/rcp
>
> protocol remains available via the -O flag.
>
> Note that ~user/ prefixed paths in SFTP mode require a protocol
> extension
> that was first shipped in OpenSSH 8.7.
>
> ok deraadt, after baking in snaps for a while without incident
>
> OpenBSD-Commit-ID: 23588976e28c281ff5988da0848cb821fec9213c
> ---
> scp.1 | 42 ++++++++++++++++++++++--------------------
> scp.c | 6 +++---
> 2 files changed, 25 insertions(+), 23 deletions(-)

--
Dmitry Belyavskiy
Re: scp: now using SFTP protocol by default
On Thu, 9 Sep 2021, Damien Miller wrote:

> FYI: the next release will have scp using the SFTP protocol by
> default.
>
> There are two known incompatibilities:
>
> Use of the SFTP protocol avoids interpretation of remote paths by
> the shell. We consider this a feature, but it does change (simplify
> really) necessary quoting of shell characters.
>
> Remote paths with a ~user/ prefix require a SFTP protocol extension
> that was included in OpenSSH 8.7's sftp-server.
>
> The original scp/rcp protocol remains available via "scp -O ..."
>
> If you're in a position to test snapshots/git prior to release
> (ETA October), then it would be appreciated.

FYI, I'm rolling this back for the release that will happen in a few
days. We want to give people a bit more time to pick up the sftp-server
"expand-path@openssh.com" extension to support ~user paths.

If you're an OpenSSH maintainer for an operating system distribution
consider either updating your stable OpenSSH to the 8.8 release when
it ships or backporting the "expand-path@openssh.com" extension to
your stable OpenSSH sftp-server. Attached are some patches to do this
for OpenSSH 8.2 and should be fairly easily adaptable to other
versions.

Removing this backwards-compatibility problem in popular distributions
will hasten the time when we can turn scp protocol off by default.

-d
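
Whether an sftp-server can serve ~user/ paths is visible in the SSH_FXP_VERSION packet it sends at session start. As an added example (not part of the original thread or of OpenSSH's code), this parser reads that packet and checks for the "expand-path@openssh.com" extension; the helper names and both sample packets, including the extension data "1", are constructed for illustration.

```python
import struct

SSH_FXP_VERSION = 2  # packet type of the server's reply to SSH_FXP_INIT
EXPAND_PATH = "expand-path@openssh.com"  # extension named in the thread

def _read_string(buf, off):
    """Read one SSH string (uint32 length + bytes); return (bytes, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated string length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[off:off + n], off + n

def parse_version(packet):
    """Parse an SSH_FXP_VERSION packet into (protocol version, {ext: data})."""
    if len(packet) < 9:
        raise ValueError("packet too short")
    length, ptype, version = struct.unpack_from(">IBI", packet, 0)
    if length != len(packet) - 4:
        raise ValueError("length field does not match packet size")
    if ptype != SSH_FXP_VERSION:
        raise ValueError("not an SSH_FXP_VERSION packet")
    exts, off = {}, 9
    while off < len(packet):
        name, off = _read_string(packet, off)
        data, off = _read_string(packet, off)
        exts[name.decode("ascii")] = data.decode("ascii")
    return version, exts

def supports_tilde_user(packet):
    """True if the server advertised the extension needed for ~user/ paths."""
    return EXPAND_PATH in parse_version(packet)[1]

def build_version(version, exts):
    """Construct a sample packet (test data only, not captured traffic)."""
    body = struct.pack(">BI", SSH_FXP_VERSION, version)
    for name, data in exts:
        for s in (name.encode(), data.encode()):
            body += struct.pack(">I", len(s)) + s
    return struct.pack(">I", len(body)) + body

# Constructed samples: one server with the extension, one without.
NEW_SERVER = build_version(3, [("posix-rename@openssh.com", "1"), (EXPAND_PATH, "1")])
OLD_SERVER = build_version(3, [("posix-rename@openssh.com", "1")])
```
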
Re: scp: now using SFTP protocol by default
On 9/19/21 9:42 PM, Damien Miller wrote:
> On Thu, 9 Sep 2021, Damien Miller wrote:
>
>> FYI: the next release will have scp using the SFTP protocol by
>> default.
>>
>> There are two known incompatibilities:
>>
>> Use of the SFTP protocol avoids interpretation of remote paths by
>> the shell. We consider this a feature, but it does change (simplify
>> really) necessary quoting of shell characters.
>>
>> Remote paths with a ~user/ prefix require a SFTP protocol extension
>> that was included in OpenSSH 8.7's sftp-server.
>>
>> The original scp/rcp protocol remains available via "scp -O ..."
>>
>> If you're in a position to test snapshots/git prior to release
>> (ETA October), then it would be appreciated.
>
> FYI, I'm rolling this back for the release that will happen in a few
> days. We want to give people a bit more time to pick up the sftp-server
> "expand-path@openssh.com" extension to support ~user paths.

Is it still possible to explicitly enable use of the SFTP protocol,
preferably in a way that causes old versions of scp (which don't support
it) to fail?

Sincerely,

Demi Marie Obenour
she/her/hers
Re: scp: now using SFTP protocol by default
On Wed, 22 Sep 2021, Demi Marie Obenour wrote:

> > FYI, I'm rolling this back for the release that will happen in a few
> > days. We want to give people a bit more time to pick up the sftp-server
> > "expand-path@openssh.com" extension to support ~user paths.
>
> Is it still possible to explicitly enable use of the SFTP protocol,
> preferably in a way that causes old versions of scp (which don't support
> it) to fail?

"scp -s" will do this at present.

-d