bmh10 / rpms / openssh

Forked from rpms/openssh 2 days ago
Clone

Blame SOURCES/openssh-8.7p1-sftp-default-protocol.patch

5dbb6f
diff --git a/scp.1 b/scp.1
5dbb6f
index 68aac04b..a96e95ad 100644
5dbb6f
--- a/scp.1
5dbb6f
+++ b/scp.1
5dbb6f
@@ -8,9 +8,9 @@
5dbb6f
 .\"
5dbb6f
 .\" Created: Sun May  7 00:14:37 1995 ylo
5dbb6f
 .\"
5dbb6f
-.\" $OpenBSD: scp.1,v 1.100 2021/08/11 14:07:54 naddy Exp $
5dbb6f
+.\" $OpenBSD: scp.1,v 1.101 2021/09/08 23:31:39 djm Exp $
5dbb6f
 .\"
5dbb6f
-.Dd $Mdocdate: August 11 2021 $
5dbb6f
+.Dd $Mdocdate: September 8 2021 $
5dbb6f
 .Dt SCP 1
5dbb6f
 .Os
5dbb6f
 .Sh NAME
5dbb6f
@@ -18,7 +18,7 @@
5dbb6f
 .Nd OpenSSH secure file copy
5dbb6f
 .Sh SYNOPSIS
5dbb6f
 .Nm scp
5dbb6f
-.Op Fl 346ABCOpqRrsTv
5dbb6f
+.Op Fl 346ABCOpqRrTv
5dbb6f
 .Op Fl c Ar cipher
5dbb6f
 .Op Fl D Ar sftp_server_path
5dbb6f
 .Op Fl F Ar ssh_config
5dbb6f
@@ -37,9 +37,6 @@ It uses
5dbb6f
 .Xr ssh 1
5dbb6f
 for data transfer, and uses the same authentication and provides the
5dbb6f
 same security as a login session.
5dbb6f
-The scp protocol requires execution of the remote user's shell to perform
5dbb6f
-.Xr glob 3
5dbb6f
-pattern matching.
5dbb6f
 .Pp
5dbb6f
 .Nm
5dbb6f
 will ask for passwords or passphrases if they are needed for
5dbb6f
@@ -79,7 +76,9 @@ The options are as follows:
5dbb6f
 Copies between two remote hosts are transferred through the local host.
5dbb6f
 Without this option the data is copied directly between the two remote
5dbb6f
 hosts.
5dbb6f
-Note that, when using the legacy SCP protocol (the default), this option
5dbb6f
+Note that, when using the legacy SCP protocol (via the
5dbb6f
+.Fl O
5dbb6f
+flag), this option
5dbb6f
 selects batch mode for the second host as
5dbb6f
 .Nm
5dbb6f
 cannot ask for passwords or passphrases for both hosts.
5dbb6f
@@ -146,9 +145,10 @@ Limits the used bandwidth, specified in Kbit/s.
5dbb6f
 .It Fl O
5dbb6f
 Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
5dbb6f
 Forcing the use of the SCP protocol may be necessary for servers that do
5dbb6f
-not implement SFTP or for backwards-compatibility for particular filename
5dbb6f
-wildcard patterns.
5dbb6f
-This mode is the default.
5dbb6f
+not implement SFTP, for backwards-compatibility for particular filename
5dbb6f
+wildcard patterns and for expanding paths with a
5dbb6f
+.Sq ~
5dbb6f
+prefix for older SFTP servers.
5dbb6f
 .It Fl o Ar ssh_option
5dbb6f
 Can be used to pass options to
5dbb6f
 .Nm ssh
5dbb6f
@@ -258,16 +258,6 @@ to use for the encrypted connection.
5dbb6f
 The program must understand
5dbb6f
 .Xr ssh 1
5dbb6f
 options.
5dbb6f
-.It Fl s
5dbb6f
-Use the SFTP protocol for file transfers instead of the legacy SCP protocol.
5dbb6f
-Using SFTP avoids invoking a shell on the remote side and provides
5dbb6f
-more predictable filename handling, as the SCP protocol
5dbb6f
-relied on the remote shell for expanding
5dbb6f
-.Xr glob 3
5dbb6f
-wildcards.
5dbb6f
-.Pp
5dbb6f
-A near-future release of OpenSSH will make the SFTP protocol the default.
5dbb6f
-This option will be deleted before the end of 2022.
5dbb6f
 .It Fl T
5dbb6f
 Disable strict filename checking.
5dbb6f
 By default when copying files from a remote host to a local directory
5dbb6f
@@ -299,11 +289,23 @@ debugging connection, authentication, and configuration problems.
5dbb6f
 .Xr ssh_config 5 ,
5dbb6f
 .Xr sftp-server 8 ,
5dbb6f
 .Xr sshd 8
5dbb6f
+.Sh CAVEATS
5dbb6f
+The original scp protocol (selected by the
5dbb6f
+.Fl O
5dbb6f
+flag) requires execution of the remote user's shell to perform
5dbb6f
+.Xr glob 3
5dbb6f
+pattern matching.
5dbb6f
+This requires careful quoting of any characters that have special meaning to
5dbb6f
+the remote shell, such as quote characters.
5dbb6f
 .Sh HISTORY
5dbb6f
 .Nm
5dbb6f
 is based on the rcp program in
5dbb6f
 .Bx
5dbb6f
 source code from the Regents of the University of California.
5dbb6f
+.Pp
5dbb6f
+Since OpenSSH 8.8 (8.7 in Red Hat/Fedora builds),
5dbb6f
+.Nm
5dbb6f
+has use the SFTP protocol for transfers by default.
5dbb6f
 .Sh AUTHORS
5dbb6f
 .An Timo Rinne Aq Mt tri@iki.fi
5dbb6f
 .An Tatu Ylonen Aq Mt ylo@cs.hut.fi
5dbb6f
diff --git a/scp.c b/scp.c
5dbb6f
index e039350c..c7cf7529 100644
5dbb6f
--- a/scp.c
5dbb6f
+++ b/scp.c
5dbb6f
@@ -1,4 +1,4 @@
5dbb6f
-/* $OpenBSD: scp.c,v 1.232 2021/08/11 14:07:54 naddy Exp $ */
5dbb6f
+/* $OpenBSD: scp.c,v 1.233 2021/09/08 23:31:39 djm Exp $ */
5dbb6f
 /*
5dbb6f
  * scp - secure remote copy.  This is basically patched BSD rcp which
5dbb6f
  * uses ssh to do the data transfer (instead of using rcmd).
5dbb6f
@@ -448,7 +448,7 @@ main(int argc, char **argv)
5dbb6f
 	const char *errstr;
5dbb6f
 	extern char *optarg;
5dbb6f
 	extern int optind;
5dbb6f
-	enum scp_mode_e mode = MODE_SCP;
5dbb6f
+	enum scp_mode_e mode = MODE_SFTP;
5dbb6f
 	char *sftp_direct = NULL;
5dbb6f
 
5dbb6f
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
5dbb6f
@@ -1983,7 +1983,7 @@ void
5dbb6f
 usage(void)
5dbb6f
 {
5dbb6f
 	(void) fprintf(stderr,
5dbb6f
-	    "usage: scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
5dbb6f
+	    "usage: scp [-346ABCOpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
5dbb6f
 	    "           [-i identity_file] [-J destination] [-l limit]\n"
5dbb6f
 	    "           [-o ssh_option] [-P port] [-S program] source ... target\n");
5dbb6f
 	exit(1);