Announcement

Collapse
No announcement yet.

Fedora Developers Discuss Retiring NTP, Deprecating SCP Protocol

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by Jabberwocky View Post

    I have no idea of the protocol is worth keeping. The application is useful. I use SCP for non-interactive and SFTP for interactive copying. The proposed changes sounds logical to me.
    One major issue with this change (I'm not on Fedora though, but this change might spread to Debian/Ubuntu as well) is that we use SCP extensively to move files around, then some external customers and providers asked for SFTP access on some of our servers so we have set that up in /etc/ssh/sshd_config as
    Code:
    Match Group sftp
        ChrootDirectory %h
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no
    To lock those external users into their own chroots but this will throw a spanner in the works for us on those servers if SCP starts to use SFTP internally since then this chroot will trigger...

    Comment


    • #22
      Originally posted by F.Ultra View Post

      One major issue with this change (I'm not on Fedora though, but this change might spread to Debian/Ubuntu as well) is that we use SCP extensively to move files around, then some external customers and providers asked for SFTP access on some of our servers so we have set that up in /etc/ssh/sshd_config as
      Code:
      Match Group sftp
      ChrootDirectory %h
      ForceCommand internal-sftp
      AllowTcpForwarding no
      X11Forwarding no
      To lock those external users into their own chroots but this will throw a spanner in the works for us on those servers if SCP starts to use SFTP internally since then this chroot will trigger...
      The idea behind it if you follow the discussions is that the automatic trigger to use sftp can be toggled off and you can tell your clients to use those advanced options.

      Comment


      • #23
        Originally posted by kpedersen View Post
        I use scp a fair amount. If it gets removed
        many much worse things will happen if you keep not reading articles past title

        Comment


        • #24
          Originally posted by uid313 View Post
          I have never used SCP, is it any good? Do you guys use it? Is it useful?
          I will take rsync over scp any day of the week. Having said that we need a whole new secure file moving system that doesn't use SSH or FTP. I thought Fedora had allready agreed to dump SCP.

          Comment


          • #25
            Originally posted by rene View Post
            LOL Popcorn.
            There you are: FTPd

            Comment


            • #26
              what's openSUSE view on this?

              Comment


              • #27
                Originally posted by MadeUpName View Post

                I will take rsync over scp any day of the week. Having said that we need a whole new secure file moving system that doesn't use SSH or FTP. I thought Fedora had allready agreed to dump SCP.
                What are you envisioning? Rsync can be used over a normal TCP socket so I guess you can run rsync over a TLS connection instead of SSH if you really want, but why would you want to?

                For quick and easy file transfers SFTP seems fine. For large file transfer jobs normal rsync over SSH is great. For humongous file transfers making a torrent would probably be the best tool for the job along with a cli/ncurses torrent client.

                Comment


                • #28
                  Originally posted by Azpegath View Post
                  By the way, what's wrong with SCP? I thought it was "better" than SFTP, and that the latter was somewhat of an afterthought to FTP, to not make it completely obsolete. But that assumption was based on no knowledge or reading at all

                  Actually both SCP and SFTP are wrong.

                  There are already many years since I have stopped using them, so they might have improved meanwhile, but I strongly doubt that.

                  There are 2 problems with SCP and SFTP:

                  1. There are cases when parts of the file metadata (e.g. parts of the timestamps or the extended attributes) are lost silently (without warnings or errors) during copying (I have experienced this when copying between computers using different operating systems and file systems in the source and destination of the transfer).

                  2. There are cases when the copying speed is much less than possible on that network link (especially when using gigabit or faster Ethernet).


                  I have solved these problems by replacing both scp and sftp with rsync over SSH, which works exactly like scp, but without its bugs or performance problems.

                  Therefore, I always disable the SFTP server (in sshd.conf) on all my servers.

                  Comment


                  • #29
                    Originally posted by fanbelt View Post

                    What are you envisioning? Rsync can be used over a normal TCP socket so I guess you can run rsync over a TLS connection instead of SSH if you really want, but why would you want to?

                    For quick and easy file transfers SFTP seems fine. For large file transfer jobs normal rsync over SSH is great. For humongous file transfers making a torrent would probably be the best tool for the job along with a cli/ncurses torrent client.

                    No, rsync over SSH is done with a certain command line option. It does not use TLS, it uses SSH, just replacing the buggy and slow scp command.

                    For example:

                    alias scp='/usr/bin/rsync --archive --xattrs --acls --progress --rsh="ssh"'


                    The SSH protocol is good, only SCP and SFTP are bad.

                    Running rsync over TLS does not bring any advantages compared to SSH, but only disadvantages, by having an additional active server besides sshd, which needs additional management and there is also additional work to manage a certificate system, which is much more complex than just generating and installing the private keys required by SSH.





                    Last edited by AdrianBc; 03 November 2020, 05:45 AM.

                    Comment


                    • #30
                      Originally posted by uid313 View Post
                      I have never used SCP, is it any good? Do you guys use it? Is it useful?

                      Also don't be confused with SFTP and FTP. SFTP is SSH File Transfer Protocol and has nothing to do with the FTP protocol, while FTPS is FTP over TLS just like HTTPS is HTTP over TLS.
                      Yes, except I believe that secured HTTP would've been named HTTPS anyway, since the alternative is SHTTP, which is a name that you simply do not want to use since it's so very difficult not to refer to that as "shittypee".

                      There's no chance this will get through the censorship, I don't think.

                      Comment

                      Working...
                      X