rcolebaugh / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone
Source Code
GIT

Blame SOURCES/openssh-8.7p1-sftp-default-protocol.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   9070b3f0cc62f7ca60cb21dae152cec1e10f9e7a
  2.   SOURCES
  3.   openssh-8.7p1-sftp-default-protocol.patch
Blob History Raw
9070b3 
diff --git a/scp.1 b/scp.1
9070b3 
index 68aac04b..a96e95ad 100644
9070b3 
--- a/scp.1
9070b3 
+++ b/scp.1
9070b3 
@@ -8,9 +8,9 @@
9070b3 
 .\"
9070b3 
 .\" Created: Sun May  7 00:14:37 1995 ylo
9070b3 
 .\"
9070b3 
-.\" $OpenBSD: scp.1,v 1.100 2021/08/11 14:07:54 naddy Exp $
9070b3 
+.\" $OpenBSD: scp.1,v 1.101 2021/09/08 23:31:39 djm Exp $
9070b3 
 .\"
9070b3 
-.Dd $Mdocdate: August 11 2021 $
9070b3 
+.Dd $Mdocdate: September 8 2021 $
9070b3 
 .Dt SCP 1
9070b3 
 .Os
9070b3 
 .Sh NAME
9070b3 
@@ -18,7 +18,7 @@
9070b3 
 .Nd OpenSSH secure file copy
9070b3 
 .Sh SYNOPSIS
9070b3 
 .Nm scp
9070b3 
-.Op Fl 346ABCOpqRrsTv
9070b3 
+.Op Fl 346ABCOpqRrTv
9070b3 
 .Op Fl c Ar cipher
9070b3 
 .Op Fl D Ar sftp_server_path
9070b3 
 .Op Fl F Ar ssh_config
9070b3 
@@ -37,9 +37,6 @@ It uses
9070b3 
 .Xr ssh 1
9070b3 
 for data transfer, and uses the same authentication and provides the
9070b3 
 same security as a login session.
9070b3 
-The scp protocol requires execution of the remote user's shell to perform
9070b3 
-.Xr glob 3
9070b3 
-pattern matching.
9070b3 
 .Pp
9070b3 
 .Nm
9070b3 
 will ask for passwords or passphrases if they are needed for
9070b3 
@@ -79,7 +76,9 @@ The options are as follows:
9070b3 
 Copies between two remote hosts are transferred through the local host.
9070b3 
 Without this option the data is copied directly between the two remote
9070b3 
 hosts.
9070b3 
-Note that, when using the legacy SCP protocol (the default), this option
9070b3 
+Note that, when using the legacy SCP protocol (via the
9070b3 
+.Fl O
9070b3 
+flag), this option
9070b3 
 selects batch mode for the second host as
9070b3 
 .Nm
9070b3 
 cannot ask for passwords or passphrases for both hosts.
9070b3 
@@ -146,9 +145,10 @@ Limits the used bandwidth, specified in Kbit/s.
9070b3 
 .It Fl O
9070b3 
 Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
9070b3 
 Forcing the use of the SCP protocol may be necessary for servers that do
9070b3 
-not implement SFTP or for backwards-compatibility for particular filename
9070b3 
-wildcard patterns.
9070b3 
-This mode is the default.
9070b3 
+not implement SFTP, for backwards-compatibility for particular filename
9070b3 
+wildcard patterns and for expanding paths with a
9070b3 
+.Sq ~
9070b3 
+prefix for older SFTP servers.
9070b3 
 .It Fl o Ar ssh_option
9070b3 
 Can be used to pass options to
9070b3 
 .Nm ssh
9070b3 
@@ -258,16 +258,6 @@ to use for the encrypted connection.
9070b3 
 The program must understand
9070b3 
 .Xr ssh 1
9070b3 
 options.
9070b3 
-.It Fl s
9070b3 
-Use the SFTP protocol for file transfers instead of the legacy SCP protocol.
9070b3 
-Using SFTP avoids invoking a shell on the remote side and provides
9070b3 
-more predictable filename handling, as the SCP protocol
9070b3 
-relied on the remote shell for expanding
9070b3 
-.Xr glob 3
9070b3 
-wildcards.
9070b3 
-.Pp
9070b3 
-A near-future release of OpenSSH will make the SFTP protocol the default.
9070b3 
-This option will be deleted before the end of 2022.
9070b3 
 .It Fl T
9070b3 
 Disable strict filename checking.
9070b3 
 By default when copying files from a remote host to a local directory
9070b3 
@@ -299,11 +289,23 @@ debugging connection, authentication, and configuration problems.
9070b3 
 .Xr ssh_config 5 ,
9070b3 
 .Xr sftp-server 8 ,
9070b3 
 .Xr sshd 8
9070b3 
+.Sh CAVEATS
9070b3 
+The original scp protocol (selected by the
9070b3 
+.Fl O
9070b3 
+flag) requires execution of the remote user's shell to perform
9070b3 
+.Xr glob 3
9070b3 
+pattern matching.
9070b3 
+This requires careful quoting of any characters that have special meaning to
9070b3 
+the remote shell, such as quote characters.
9070b3 
 .Sh HISTORY
9070b3 
 .Nm
9070b3 
 is based on the rcp program in
9070b3 
 .Bx
9070b3 
 source code from the Regents of the University of California.
9070b3 
+.Pp
9070b3 
+Since OpenSSH 8.8 (8.7 in Red Hat/Fedora builds),
9070b3 
+.Nm
9070b3 
+has use the SFTP protocol for transfers by default.
9070b3 
 .Sh AUTHORS
9070b3 
 .An Timo Rinne Aq Mt tri@iki.fi
9070b3 
 .An Tatu Ylonen Aq Mt ylo@cs.hut.fi
9070b3 
diff --git a/scp.c b/scp.c
9070b3 
index e039350c..c7cf7529 100644
9070b3 
--- a/scp.c
9070b3 
+++ b/scp.c
9070b3 
@@ -1,4 +1,4 @@
9070b3 
-/* $OpenBSD: scp.c,v 1.232 2021/08/11 14:07:54 naddy Exp $ */
9070b3 
+/* $OpenBSD: scp.c,v 1.233 2021/09/08 23:31:39 djm Exp $ */
9070b3 
 /*
9070b3 
  * scp - secure remote copy.  This is basically patched BSD rcp which
9070b3 
  * uses ssh to do the data transfer (instead of using rcmd).
9070b3 
@@ -448,7 +448,7 @@ main(int argc, char **argv)
9070b3 
 	const char *errstr;
9070b3 
 	extern char *optarg;
9070b3 
 	extern int optind;
9070b3 
-	enum scp_mode_e mode = MODE_SCP;
9070b3 
+	enum scp_mode_e mode = MODE_SFTP;
9070b3 
 	char *sftp_direct = NULL;
9070b3
9070b3 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
9070b3 
@@ -1983,7 +1983,7 @@ void
9070b3 
 usage(void)
9070b3 
 {
9070b3 
 	(void) fprintf(stderr,
9070b3 
-	    "usage: scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
9070b3 
+	    "usage: scp [-346ABCOpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
9070b3 
 	    "           [-i identity_file] [-J destination] [-l limit]\n"
9070b3 
 	    "           [-o ssh_option] [-P port] [-S program] source ... target\n");
9070b3 
 	exit(1);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation