Comment by chasil
9 hours ago
I have a few observations about this article.
Generally, try not to use SCP. It has been a crufty old program from the Berkeley R-Utilities, but newer OpenSSH releases have rewritten it to use the sftp-server server instead. There will be wildly different behavior between these implementations.
The backend SCP changes are documented here:
https://lwn.net/Articles/835962/
If you need something that SFTP cannot do, then use tar on both sides.
PuTTY has implemented their pscp to prefer the sftp-server for many years, in a long prediction of the eventual abandonment. Their pscp implementation is a better drop-in replacement than the OpenSSH solutions.
The allure of SCP is retry on failure, which is somewhat more difficult with SFTP:
until scp source.txt user@target:dir/
do echo target down; sleep 300
done
Converting that to pscp is much easier than SFTP.
I also have an older rhel5 system where I am running tinysshd to use better SSH crypto. Due to upgrades, NFS is now squashing everything to nobody, so I had to disable precisely these checks to let users login with their authorized_keys. I can post the code if anybody is curious.
I occasionally use `scp` around my network and have for years. It works great and its simple interface is easy to remember. I don't want to sftp if I have to use tar on both sides. I might type rsync and but then I remember something about the trailing slash will cause the command to behave differently the second time. I just don't need yet another syntax I'll misremember. As long as scp is in my distro's repositories, I'll be using it.
easy to remember, if you don't use trailing slashes ever, it will just work every time
"I have a few observations about this article."
I have a few observations about this comment.
Generally use whatever works to do the job. Do think about security, so if you end up streaming stuff across the internet using scp really consider your life choices.
In reality, you will probably be copying stuff on or across local nets or across a VPN because port 22 is (of course) unavailable from !RFC1918(etc).
Use the tool for the job and don't pontificate (unless you know best!)
Allow me to introduce you to the Berkeley R-Utilities:
https://en.wikipedia.org/wiki/Berkeley_r-commands
They do the job, quite well.
I suggest that you use them for all your production needs, exclusively!
I for one appreciate this genre of comment. It's these days kinda one of the only things still redeemable on this particular website. I dont have to agree with it or end up using it, but its always good to see.
You get rid of some (wannabe-)greybeard nerd sniping someone's technical blog about an obscure linux util? What would even be left here? Just B2B SaaS AI blah blah forever?
You wan't them to couch this in "great job! Use whatever your comfortable with!" Are we really at that point?
rsync -avz -e ssh /local/ftw/ user@foo:/ftw/
> Their pscp implementation is a better drop-in replacement than the OpenSSH solutions.
What makes it a better drop in replacement?
Several reasons.
-PuTTY pscp allows raw passwords on the command line, or from a file. OpenSSH is unreasonable in refusing to do this.
-Scripting can adapt to a .netrc easily; OpenSSH will never do this.
-Modern OpenSSH is a nightmare when using legacy crypto, while pscp is fluid. There is nothing wrong with hmac-md5, and no reason to refuse it. I will take PuTTY or dropbear in a heartbeat over these burned bridges and workarounds.
https://www.openssh.org/legacy.html
-pscp does not link to dozens of libraries as ssh/scp does, so it is easier to build with less dependency. The ldd output of ssh and scp on rhel9 is 23 libraries, while PuTTY is 3 [package obtained from EPEL].
-pscp strongly leans to SFTP on the backend and can be directed to use it exclusively, so there is no ambiguity.
-Using pscp with a retry on fail is much easier than sftp -b.
-The wacky cipher control on rhel8 does not impact the PuTTY tools.
That is an extensive list.
> -PuTTY pscp allows raw passwords on the command line, or from a file. OpenSSH is unreasonable in refusing to do this.
You can use `sshpass` to force it through a command line argument. However, arguments can be viewed by any process through `/proc`, `ps`, etc. It's pretty reasonable to not support exposure of the password like that, especially since you can force it through using another tool if you really, really need to.
3 replies →
SCP protocol is fine and convenient as long as people understand that the remote file arguments are server-side shell code, and the consequences that implies.
You get the benefit of being able to e.g. get your last download off your desktop to your laptop like this:
or this if you're on bash:
or pull a file from a very nested project dir for which you have setup dynamic directories (or shell variables if you're on bash):
Just don't pull files from an SCP server that may be malicious. Use on trusted servers. If you do the following on your home dir:
That may overwrite .ssh/authorized_keys, .zshrc, etc. because `foo/` is server-side shell code. The client can't say that `.zshrc` resulting from the evaluation of `foo/` doesn't make sense, because it might in the remote shell language.
> If you need something that SFTP cannot do, then use tar on both sides.
No reason to make things inconvenient between personal, trusted computers, just because there may be malicious servers out there where one has no reason to SCP.
Something else to note is that your suggestion of using `tar` like `ssh malicious 'tar c foo/' | tar x` faces basically the exact same problem. The server can be malicious and return .ssh/authorized_keys, .zshrc, etc. in the archive for `tar x` to overwrite locally basically exactly the same way. This goes with the point of this SE answer:
> I'd say a lot of Unix commands become unsafe if you consider a MITM on SSH possible. A malicious sudo could steal your password, a malicious communication client could read your mails/instant messages, etc. Saying that replacing scp with sftp when talking to a compromised server will somehow rectify the situation is very optimistic to say the least. [...] In short, if you don't pay attention to which servers you SSH into, there's a high risk for you to be screwed no matter which tools you use, and using sftp instead of scp will be only marginally safer. --- https://unix.stackexchange.com/questions/571293/is-scp-unsaf...
I think this whole problem with SCP just stems from not having properly documented this aspect in the manpage, so people expected it to just take filepaths.
>If you need something that SFTP cannot do, then use tar on both sides.
Wouldn't tar do the exact same thing to that file's permissions?
Likely, but maintaining hard links is more of what I was thinking.
What I want is to be able to drag and drop files in my remote server to and from my desktop as if it's an NFS/NAS. What's the best option for this that will fully saturate the link?
I don't know about saturating the link, Buy sshfs can mount remote dirs and then you can drag and drop
rclone has a web gui https://rclone.org/gui/
CIFS/Samba has had a lot of effort put into it, so setup Tailscale and just use that, if you're after drag and drop.
you sound so wise and produce excellent reference, but in the next breath you show NFS in use?
signed -confused
What would you use for remote mounting filesystems? I don't know of any that are simply superior (w/o caveats/tradeoffs).
Why is it so self-evident that NFS is bad?
I upvoted you, and yes, cleartext NFS is a concern.
I had it wrapped in stunnel TLS, but I ripped that out recently as I am retiring and the new staff is simply not capable of maintaining that configuration.
My users were yelling, and the patch to tinysshd to omit all permissions checks silenced the complaints. No, it's not pretty.