Comment by pickle-wizard
1 day ago
Handy stuff. This would be good for restricting service accounts.
There is a whole lot that SSH can do that most people don't know about.
1 day ago
Handy stuff. This would be good for restricting service accounts.
There is a whole lot that SSH can do that most people don't know about.
> There is a whole lot that SSH can do that most people don't know about.
I had to port ssh to embedded hardware decades ago, and pulling back the curtains I came to the opinion that everything was a mess.
for example, I needed to be able to upload/download firmware, and was surprised to find that scp wasn't a pure file transfer protocol. It is more like "log into the remote system via shell and run a file transfer program"
There are lots of other things I didn't like, like wholesale transferring environment variables back and forth, weird shell interactions and more.
It is very useful, but it is an organically grown program, not a designed protocol.
Scp not needing its own protocol is a feature and not a bug in my book..
thing is, there IS a transfer protocol, there are just no controls on the files. If you can log in, there is just passing security.
Just take a step back and think what you could do if it were a protocol:
- limit visible files
- limit access to files by user
- make access strictly read-only
- allow upload-only (sort of a dropbox)
- clear separation between login access and file access
- remove login user from the whole mess
- trivially tie in as a filesystem.
etc...
2 replies →