DaemonForums  

OpenSSH SCP deprecation in RHEL 9: What you need to know

#1 J65nko (Administrator), 6th July 2022

Today I happened to stumble on this article, which is more than two months old: https://www.redhat.com/en/blog/opens...-you-need-know
Quote:
One of the most important security changes for OpenSSH in Red Hat Enterprise Linux (RHEL) 9 is the deprecation of the SCP protocol.

These are the changes that we have implemented:
  • The scp command line tool uses the SFTP protocol for file transfers by default.
  • Usage of the SCP protocol can be restored using the newly added -O option.
  • Usage of the SCP protocol can be completely disabled on the system. If the file /etc/ssh/disable_scp exists, any attempt to use the SCP protocol will fail.
What I don't understand is
Quote:
Though upstream has delayed switching to the SFTP protocol by default, we decided to switch completely in RHEL 9
The OpenBSD 7.0 release notes of Oct 14, 2021 state:
Quote:
New features
  • scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. SFTP offers more predictable filename handling and does not require expansion of glob(3) patterns via the shell on the remote side.
  • sftp-server(8): add a protocol extension to support expansion of ~/ and ~user/ prefixed paths. This was added to support these paths when used by scp(1) while in SFTP mode.
For legacy clients, the OpenBSD 7.0 man page describes this -O option for forcing the usage of the old SCP instead of the newer SFTP:
Quote:
-O
Use the original SCP protocol for file transfers instead of the SFTP protocol. Forcing the use of the SCP protocol may be necessary for servers that do not implement SFTP, for backwards-compatibility for particular filename wildcard patterns and for expanding paths with a ‘~’ prefix for older SFTP servers. This mode is the default.
I understand that OpenSSH release dates don't match OpenBSD releases but I just wonder how the article author can say that upstream (the OpenSSH team) delayed switching to SFTP.

PS https://openssh.com/portable.html does not mention any release information
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
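
The RHEL 9 behaviour quoted in post #1, as an added example that is not part of the thread or of the Red Hat article: a shell audit that finds scp invocations forcing the legacy protocol with -O and reports whether they would still work given the marker file. The host, paths and key name in the sample are constructed, and the one-command-per-line parsing is a simplifying assumption.

```shell
# Added example, not from the thread: flag scp calls that force the legacy
# SCP protocol with -O. Nothing is executed or transferred.

# Print "scp" if these scp arguments select the legacy protocol, else "sftp"
# (the RHEL 9 default). -s (force SFTP) is from scp(1), not from the thread.
scp_mode() {
    OPTIND=1
    mode=sftp
    # A letter followed by ':' takes a value; parsing stops at the first path.
    while getopts ":346ABCc:D:F:i:J:l:o:OP:pqRrsS:TvX:" opt "$@"; do
        case $opt in
            O) mode=scp ;;
            s) mode=sftp ;;
        esac
    done
    echo "$mode"
}

# Read script text on stdin; print "N: verdict" for each line whose scp call
# uses -O. $1 is the marker file (default: the RHEL 9 path quoted above).
# Assumption: one plain command per line, no quoting or variables.
audit_scp() {
    marker=${1:-/etc/ssh/disable_scp}
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        set -f          # keep wildcards such as *.log unexpanded
        set -- $line    # naive word split of the command line
        set +f
        [ "${1:-}" = scp ] || continue
        shift
        [ "$(scp_mode "$@")" = scp ] || continue
        if [ -e "$marker" ]; then
            echo "$n: fails, $marker exists"
        else
            echo "$n: works, but uses the legacy SCP protocol"
        fi
    done
}

# Constructed sample input (hypothetical host, paths and key name).
sample_script() {
    cat <<'EOF'
scp -r /var/backups backup@files.example.org:/srv/
scp -rO -P 2222 /var/log/*.log backup@files.example.org:/srv/logs/
scp -i keys/deploy-OLD report.txt backup@files.example.org:
scp -q -O report.txt backup@files.example.org:
EOF
}
sample_script | audit_scp
```

Line 3 of the sample is the case a plain text search for "-O" would misreport: the match is inside the value of -i, so the option parser leaves it classified as SFTP.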

#2 jggimi, 7th July 2022

The default protocol switched back and forth:
  • 8-September-2021: default set to the SFTP protocol
  • 20-September-2021: default set back to the RCP protocol, temporarily, for compatibility reasons. This commit was included in OpenBSD 7.0.
  • 15-October-2021: default set to the SFTP protocol for further testing.
  • 10-February-2022: default set to the RCP protocol. This commit was specifically for OpenSSH Release 8.9.
  • 23-February-2022: default set to the SFTP protocol. This commit was included in OpenBSD 7.0 and OpenSSH 9.0.
Source: commit log for src/usr.bin/ssh/scp.c.