Deprecating scp

Last modified on November 06, 2020

Welcome to LWN.accumulate

The subsequent subscription-most environment friendly direct materials has been made readily available to you
by an LWN subscriber. Thousands of subscribers depend upon LWN for the
ideally marvelous recordsdata from the Linux and free utility communities. Even as you occur to profit from this
article, please win into story accepting the trial provide on the ideally marvelous. Thank you
for visiting LWN.accumulate!

Free trial subscription

Are attempting LWN totally free for 1 month: no charge
or bank card required. Suggested
your trial subscription now
and take a look at why tons of of
readers subscribe to LWN.accumulate.

By Jonathan Corbet
November 5, 2020

The

scp

declare, which makes use of the SSH protocol to
copy information between
machines, is deeply wired into the fingers of many Linux customers and
builders — doubly so for these of us who mild mediate of it as a further
precise alternative for

rcp

. Many customers can be shocked to study,
although, that the resemblance to

rcp

goes previous the title; mighty of
the underlying protocol is the a similar as neatly. That protocol is displaying its
age, and the OpenSSH group has
regarded as a result of it deprecated for some time.
Changing

scp

in a vogue that retains customers happy may nicely additionally merely now not be a straight ahead
mission, although.

scp, like rcp sooner than it, became designed to opinion as mighty
identical to the favourite cp declare as that you simply simply would mediate of. It has a relatively
straight ahead, scriptable declare-line interface that makes recursive and
multi-file copies straight ahead. It makes use of the SSH authentication mechanisms when
connecting between machines and encrypts knowledge in flight, so it's miles on the overall
considered being precise. It seems, although, that in some circumstances,
specifically these the place
there may be miniature or no have religion between the two ends of the connection, the
exact stage of safety can be now not as much as anticipated.

Use into story, as an example, the OpenSSH 8.0
launch, which integrated a repair for the vulnerability recognized as CVE-2019-6111.
In the scp protocol, the side containing the file(s) to be copied
affords the title(s) to the receiving side. So one may nicely sort a declare
like:

    $ scp admin:tedious-spreadsheet.ods .

with the expectation of getting a file referred to as
tedious-spreadsheet.ods in primarily probably the most up-to-the-minute working listing. If the
far-off server have been to current a response like "proper right here is the
.bashrc file you requested for", although, scp would
fortunately overwrite that file as a change. The 8.Zero launch mounted this snarl by
evaluating the file title from the far-off side with what became genuinely requested
for, however the launch announcement additionally mentioned that the scp protocol is
"outdated, inflexible and now not readily mounted" and urged
migrating removed from scp.

CVE-2020-15778
is a atypical story. Be acutely aware that scp is constructed on SSH, so when
one kinds a declare like:

    $ scp election-predictions.txt dumpster:junk/

the consequence could possibly be an SSH connection to dumpster working this
declare:

    scp -t junk/

That declare, using the undocumented -t chance to specify a
trip station ("to") listing, will then take care of requests to change information
into junk.
This mechanism leaves the door launch for diversified types of eager
mischief. Are attempting working one thing like this:

    $ scp some-local-file far-off:'`contact you-lose`far-off-file'

This might presumably consequence within the introduction of two information on the far-off system:
the anticipated far-off-file and an empty file referred to as
you-lose. Including further attention-grabbing contents to that file is left
as an educate for the reader.

Whether or now not this habits constitutes a vulnerability is partly within the leer of
the beholder. If the patron has favourite SSH access to the far-off system,
smuggling directions by way of scp is right a extra sturdy method to terminate points that
are already that you simply simply would mediate of. Evidently, although, it's miles now not unheard-of for websites to
current scp-most environment friendly access, permitting customers to repeat information however now not to
terminate arbitrary directions on the intention system. For programs with that
vogue of safety, this habits is definitely a vulnerability. Lastly, whereas
the hazard is map-off, it's miles charge noting {that a} native file title containing
`backticks` (a file named `contact you-lose`, as an example)
could possibly be dealt with the a similar method on the diversified terminate; if a client will like
to fabricate a recursive copy of a listing tree containing a file with a
malicious title, horrifying points can occur.

Unlike CVE-2019-6111, this snarl has now not been addressed by the OpenSSH
builders. As quoted within the disclosure linked above, their response is:

The scp declare is a historic protocol (referred to as rcp) which relies upon
upon that vogue of argument passing and encounters development
issues. It has confirmed very subtle in order so as to add "safety" to the scp
model. All makes an try to "detect" and "stop" anomalous argument
transfers stand a astronomical likelihood of breaking current workflows. Wonderful,
we acknowledge it the realm sucks. But we do not are searching to damage the
straight ahead patterns of us use scp for, until there may be a in vogue
alternative.

On situation that, the following ask comes naturally: what should mild change the
deprecated scp declare? The identical outdated decision to that ask is
each sftp or rsync.

The sftp declare has the ideally marvelous factor about being a section of the OpenSSH
gear and, thus, readily available in most places that scp could possibly be
discovered. Its draw back is a mighty much less righteous shopper skills,
specifically in circumstances the place one merely needs to sort a declare and take a look at information
change. An easy declare like:

    $ sftp far-off:

will not work as anticipated. Some makes use of require coming into an "interactive
mode" that's acquainted to these of us venerable ample to get pleasure from as soon as veteran FTP for
file transfers; we're additionally venerable ample to be acutely aware why we switched from FTP to
directions like rcp and scp as quickly as they grew to develop to be
readily available.

rsync is a professional completely different that has the ideally marvelous factor about
performing higher than scp, which is now not specifically like a flash. But
rsync is now not as uni

Read More

Similar Products:

    None Found

Recent Content

link to HTTPWTF

HTTPWTF

HTTP is fundamental to modern development, from frontend to backend to mobile. But like any widespread mature standard, it's got some funky skeletons in the closet. Some of these skeletons are...