Today I happened to stumble on this article, which is more than two months old:
https://www.redhat.com/en/blog/opens...-you-need-know
Quote:
One of the most important security changes for OpenSSH in Red Hat Enterprise Linux (RHEL) 9 is the deprecation of the SCP protocol.
These are the changes that we have implemented:
- The scp command line tool uses the SFTP protocol for file transfers by default.
- Usage of the SCP protocol can be restored using the newly added -O option.
- Usage of the SCP protocol can be completely disabled on the system. If the file /etc/ssh/disable_scp exists, any attempt to use the SCP protocol will fail.
|
What I don't understand is:
Quote:
Though upstream has delayed switching to the SFTP protocol by default, we decided to switch completely in RHEL 9
|
The OpenBSD 7.0 release notes of Oct 14, 2021 state:
Quote:
New features
- scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. SFTP offers more predictable filename handling and does not require expansion of glob(3) patterns via the shell on the remote side.
- sftp-server(8): add a protocol extension to support expansion of ~/ and ~user/ prefixed paths. This was added to support these paths when used by scp(1) while in SFTP mode.
|
For legacy clients, the OpenBSD 7.0 man page describes this -O option for forcing the usage of the old SCP instead of the newer SFTP:
Quote:
-O    Use the original SCP protocol for file transfers instead of the SFTP protocol. Forcing the use of the SCP protocol may be necessary for servers that do not implement SFTP, for backwards-compatibility for particular filename wildcard patterns and for expanding paths with a ‘~’ prefix for older SFTP servers. This mode is the default.
|
I understand that OpenSSH release dates don't match OpenBSD releases, but I just wonder how the article author can say that upstream (the OpenSSH team) delayed switching to SFTP.
PS: https://openssh.com/portable.html does not mention any release information.