On Mon, 2020-11-02 at 16:36 +0100, Kamil Dudka wrote:
On Monday, November 2, 2020 3:44:39 PM CET Jakub Jelen wrote:
> Hi Fedora users!
> Over the last years, there were several issues in the SCP protocol,
> which lead us into discussions if we can get rid of it in upstream .
> Most of the voices there said that they use SCP mostly for simple ad-hoc
> copy and because sftp utility does not provide simple interface to copy
> one or couple of files back and forth and because of people are just
> used to write scp rather than sftp.
> Some months ago, I wrote a patch  for scp to use SFTP internally
> (with possibility to change it back using -M scp) and ran it through
> some successful testing. The general feedback from upstream was also
> quite positive so I would like to hear also opinions from our users.
> It still has some limitations (missing -3 support, it will not work if
> the server does not run sftp subsystem, ...), but it should be good
> enough for most common use cases.
> Today, I set up a copr repository with the current openssh from Fedora +
> the patch  for anyone to test and provide feedback, either here on
> the mailing list, or in the github PR according to ones preferences.
> I am looking for any kind of feedback from the idea through the
> usability, implementation. Is this something you would like to see in
> Fedora soon? Do you have something against this? Is your use case missing?
>  https://github.com/openssh/openssh-portable/pull/194/
>  https://copr.fedorainfracloud.org/coprs/jjelen/openssh-sftp/
How is the "compatibility scpd to support old clients" going to differ
from the current implementation?
libcurl implements its own SCP client over libssh. Will this implementation
continue to work after OpenSSH gets updated on servers?
Applications often allow users to pass arbitrary URLs to libcurl. So one can,
for example, use scp:// URLs to specify a kickstart for Anaconda. The fact
that scp utility will be reimplemented over SFTP does not help much in this
case. Each build of libcurl that supports scp:// supports sftp:// as well.
But libcurl will not transmit scp:// requests over sftp:// in case SCP is not
supported by the remote server any more.
Sounds like a RFE for libcurl to slowly move scp:// to be using the
sftp protocol instead ?
Or they could simply deprecate it, and then users will have to change
their config to say sftp://
For something like libcurl the latter is probably more appropriate
RHEL Crypto Team
Red Hat, Inc