Bug#282339: scp: single-purpose keys for scp



retitle 282339 single-purpose file transfer keys
tags 282339 upstream
thanks

On Sun, Nov 21, 2004 at 02:25:44PM +0100, Borna Novak wrote:
> Package: ssh
> Version: 1:3.8.1p1-8
> Severity: wishlist
> 
> AFAIK, single-purpose keys are applicable only to "normal" ssh sessions?
> It would be a very useful feature if it were possible to create keys
> that would apply only to specific pairs of local_files=>remote_files
> as a "safe" automated way to transfer root-only readable system files
> on small networks (/etc/shadow, ...).

The scp protocol is fixed, and doesn't support this kind of thing as far
as I know; sftp would be the place to do this.

You should be able to create a key that will only let you scp to a
particular target file (use strace to see what command scp is executing
on the remote host, and copy that), which is about the best you can do
given that the remote sshd can't do any better than trusting what the
client says about where the file came from. I agree that this is not
very flexible; it'd be a sizable piece of upstream development to fix,
though ...

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]
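
The restriction described in the reply above, as an added example that is not part of the original message or of OpenSSH: a forced-command wrapper that accepts only the scp sink command for one target file. The wrapper path, target path and key comment are assumptions, and the expected `scp -t` string should be replaced by the one actually observed with strace.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a key that may only upload
# to one file with scp. Wrapper path, ALLOWED_TARGET and the key comment
# are hypothetical.
#
# authorized_keys line on the remote host (key material is a placeholder):
#   command="/usr/local/sbin/scp-one-file",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <PUBLIC-KEY-PLACEHOLDER> transfer-key

ALLOWED_TARGET="/var/backups/incoming/shadow.copy"   # constructed sample path

# Succeed only if the client asked for exactly the scp sink command
# ("scp -t <target>") for the permitted file. Any extra flag, a different
# path or the source mode (-f) is refused.
scp_request_allowed() {
    requested=$1
    target=$2
    # An existing directory as target would let the client choose file names.
    [ -d "$target" ] && return 1
    [ "$requested" = "scp -t $target" ]
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
# Guarded so that loading the functions alone does not start a transfer.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if scp_request_allowed "$SSH_ORIGINAL_COMMAND" "$ALLOWED_TARGET"; then
        # Run a fixed command line; never hand the client's string to a shell.
        exec scp -t "$ALLOWED_TARGET"
    fi
    logger -t scp-one-file -p auth.warning "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

As the reply notes, this pins only the destination: the remote side still has to trust whatever content the client sends to that path.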
