Mailing List Archive

"Brian J. Murrell":

> Is there a .ssh/config option I can set to force scp with that host to
> use the legacy protocol?

No, because scp doesn't read ~/.ssh/config. scp spawns ssh, which
does, but that only affects ssh's operation.

--
Christian "naddy" Weisgerber naddy@mips.inka.de
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

On Tue, 2022-06-21 at 22:17 +0200, Christian Weisgerber wrote:
>
> No, because scp doesn't read ~/.ssh/config.? scp spawns ssh, which
> does, but that only affects ssh's operation.

Fair enough. Would it be unreasonable for scp to gracefully fallback
to the legacy protocol when SFTP fails though?

Cheers,
b.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

On 21.06.22 22:17, Christian Weisgerber wrote:
> "Brian J. Murrell":
>
>> Is there a .ssh/config option I can set to force scp with that host to
>> use the legacy protocol?
>
> No, because scp doesn't read ~/.ssh/config. scp spawns ssh, which
> does, but that only affects ssh's operation.

For what it's worth: I had a quick look what a wrapper script can do,
and found that "ssh -G $TARGETHOST" can tell you whether that host has
an ssh_config setting of, for example, "sendenv NO_SFTP" (which will
hopefully never *actually* send anything, as IIUC the env var would need
to be *set* for that).

Now if only we could get the hostname(s) without entirely duplicating
scp's command line parsing ....... ?

Regards,
--
Jochen Bern
Systemingenieur

Binect GmbH

On 2022-06-22 at 10:48 +0200, Jochen Bern wrote:
> Now if only we could get the hostname(s) without entirely duplicating scp's
> command line parsing ....... ?

I have this, because I wrap both ssh and scp to be able to easily
redirect the agent socket based on a profile, to separate work from
personal keys and "code" from "prod". Some stuff is configured via
direnv setting of the right env var, and some stuff by a sourced config
file which can set override variables. It's handy but very
personal-setup-specific.

On the other hand, when trying to strip this down to the core parts
right now I decided I was too likely to introduce bugs. So you know
what? Have two scripts which grew a bit, will make people scream, and
let you keep all the broken fragments when it all goes horribly wrong.

For the "set the -O on some hosts" purpose you should ignore the
SSH_PDP_ROLE bits; that's for integration into my ssh-role script which
manages the systemd launch from a template ssh-agent-pdp@.service to
coordinate things. It shouldn't be needed. That stuff ... grew
organically. I'm not including that script or the .service file.

I don't expect anyone to use these as-is, but ... it's all been debugged
over a few years and has the worst rough edges worn smooth with only a
little bit of my blood on them, so it's not a _horrible_ starting point.
There's probably quite a few places left where there are bugs but this
has worked enough to let me work day-to-day without usually noticing
that there's a wrapper in the way.

-Phil