Re: Does OpenSSH use RCP?
- From: Matti Juhani Kurkela <Matti.Kurkela@xxxxxxxxx>
- Date: 31 Jan 2006 02:15:22 +0200
tonij67@xxxxxxxxxxx writes:
> I know the question sounds silly, but I have been having a discussion
> with someone about the difference between OpenSSH and SFTP. In my
> experience I have found that using SCP to transfer files actually uses
> the SFTP subsystem. Am I correct in thinking this? The reason I came
> to that conclusion is, if a system does not have SFTP configured
> properly (i.e. sshd_config file not pointing to the correct location of
> SFTP) then SCP will fail. This has led me to believe that running SCP
> actually uses SFTP to some degree.
>
> Or am I missing something?

The "scp" command has been implemented in two different and
incompatible ways.

The commercial ssh.com product has a "scp" command that actually uses
the SFTP sub-system (which is an SSH2 protocol extension) to transfer
the files.

OpenSSH uses an implementation that is compatible with the original SSH
1.x products, which is a variant of the RCP protocol over an SSH shell
session. OpenSSH also has an implementation of the SFTP sub-system,
but only the sftp client uses it, not the scp.

The compatibility matrix becomes a little skewed:

- OpenSSH to OpenSSH of course works, using either scp or sftp,
  as will ssh.com to ssh.com.
- Using the "sftp" command will always work.
- Using ssh.com "scp" to transfer files from/to OpenSSH server will work,
  because the ssh.com "scp" is actually using the SFTP protocol.
- Using OpenSSH scp to transfer files from/to ssh.com server may fail,
  because ssh.com products will only support SFTP for file transfers,
  not the RCP-like-protocol over SSH.
  It will only work if SSH 1.x fallbacks are enabled and "scp1"
  command exists (presumably from an SSH 1.x installation).

If you're after a maximum of interoperability, you might want to use
OpenSSH on the server side and commercial products on the client side.

There is a quick-and-dirty way to augment the ssh.com product to achieve
maximal interoperability: you have to get an OpenSSH "scp" binary and
install it as "scp1" alongside the ssh.com product. You'll need
nothing more from the OpenSSH distribution.

The ssh.com server will print a warning message about using scp1
(making the assumption that it will be using the weak SSH1 protocol),
but you can now access the server with OpenSSH scp clients.

I may be mistaken, but after a quick browse through the OpenSSH scp.c
source it seems to me that the OpenSSH scp client does not contain nor
include *any* cryptographic code unless it is compiled with exotic
authentication options, like smartcard support. It gets all its
networking and encryption by invoking the "ssh" binary (when used at
the client side) or by being invoked through the sshd (at the server
side).

Thus, it should not be impossible to prove that even with the
interoperability solution I suggested, all the connections are
encrypted using the commercial product. This kind of proof might be
necessary if this solution was used in a situation where a contract
demands to use a specific product.

Of course, the PHBs will always be PHBs. :-/
--
Matti.Kurkela@xxxxxxxxx
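
Added example, not part of the original message and not OpenSSH code: a small parser for the RCP-style records that an scp source process writes to the sink over the channel "ssh" provides, which is the framing the reply contrasts with the SFTP sub-system. The record layout (T, D, C and E lines, file data followed by a NUL byte) is the classic rcp/scp framing and is not given in the message; the function name and sample bytes are constructed for illustration, and the sink's one-byte acknowledgements are left out.

```python
import io

# Constructed sample: what an scp source might write for "docs/a.txt" and "key".
SAMPLE = (b"T1138666522 0 1138666522 0\n"
          b"D0755 0 docs\n"
          b"C0644 6 a.txt\nhello\n\0"
          b"E\n"
          b"C0600 3 key\nabc\0")

def parse_scp_source_stream(data):
    """Return [(kind, path, mode, payload)] for one source-to-sink byte stream."""
    stream = io.BytesIO(data)
    entries, dirs = [], []
    while True:
        line = stream.readline()
        if not line:
            break
        if not line.endswith(b"\n"):
            raise ValueError("truncated control record")
        kind, body = line[:1], line[1:-1].decode("utf-8", "replace")
        if kind == b"T":      # mtime/atime for the next record (sent with -p)
            continue
        if kind == b"E":      # end of the current directory
            if not dirs:
                raise ValueError("E record without an open directory")
            dirs.pop()
            continue
        if kind not in (b"C", b"D"):
            raise ValueError("unknown record type %r" % kind)
        mode_s, size_s, name = body.split(" ", 2)
        mode, size = int(mode_s, 8), int(size_s)
        # The name comes from the peer: accept a single path component only.
        if "/" in name or name in ("", ".", ".."):
            raise ValueError("unsafe file name %r" % name)
        path = "/".join(dirs + [name])
        if kind == b"D":
            dirs.append(name)
            entries.append(("dir", path, mode, b""))
            continue
        payload = stream.read(size)   # data is length-prefixed, not line-based
        if len(payload) != size or stream.read(1) != b"\0":
            raise ValueError("file data truncated or not NUL-terminated")
        entries.append(("file", path, mode, payload))
    if dirs:
        raise ValueError("directory %r never closed" % dirs[-1])
    return entries

if __name__ == "__main__":
    for entry in parse_scp_source_stream(SAMPLE):
        print(entry)
```

Nothing in these records is encrypted or authenticated by scp itself; the bytes travel inside whatever session the invoking ssh/sshd pair set up, which is why the sink has to validate the names it is sent.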