m463 3 days ago

> There is a whole lot that SSH can do that most people don't know about.

I had to port ssh to embedded hardware decades ago, and pulling back the curtains I came to the opinion that everything was a mess.

For example, I needed to be able to upload/download firmware, and was surprised to find that scp wasn't a pure file transfer protocol. It is more like "log into the remote system via shell and run a file transfer program".

There are lots of other things I didn't like, like wholesale transferring environment variables back and forth, weird shell interactions and more.

It is very useful, but it is an organically grown program, not a designed protocol.

woooooo 3 days ago | parent [-]

Scp not needing its own protocol is a feature and not a bug in my book.

m463 3 days ago | parent [-]

Thing is, there IS a transfer protocol, there are just no controls on the files. If you can log in, there is just passing security.

Just take a step back and think what you could do if it were a protocol:

- limit visible files

- limit access to files by user

- make access strictly read-only

- allow upload-only (sort of a dropbox)

- clear separation between login access and file access

- remove login user from the whole mess

- trivially tie in as a filesystem.

etc...

rad_gruchalski 3 days ago | parent [-]

But why? It can be done with ssh and some mix of linux permissions. It’s simple. There’s always room for more complexity.

m463 3 days ago | parent [-]

I like the simplicity of controlling everything with a hypothetical scp.conf:

  default
    access none /dev /sys /proc
  user foo
    access ro /var/scp/firmware
    access rw /var/scp/user-foo
  user anonymous
    access w /var/scp/dropbox
  user joe
    access rw /home/joe
  user fred
    access rw /
  user backup
    access ro /

unsnap_biceps 2 days ago | parent [-]

You can actually switch the subsystem to `internal-sftp` and configure the visible path via ChrootDirectory, however you still rely on posix user/group privs.

Subsystems are pluggable, so you could write your own subsystem that does enforce whatever config and permission model you want. It's not terribly difficult to do, and you can replace the sftp subsystem entirely.

And just an FYI, currently scp is plumbed over the sftp subsystem, so replacing the sftp subsystem would "fix" scp and sftp clients for you.
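An added example, not part of the thread and not code from any poster: the access decision that a custom subsystem would have to make for the hypothetical scp.conf posted above. The semantics are assumptions, since the thread does not define them: the `default` section applies to every user, the most specific matching path wins, anything unmatched is denied, and operations are named `read` and `write`.

```python
import posixpath

# m463's hypothetical scp.conf, copied from the thread.
SCP_CONF = """\
default
  access none /dev /sys /proc
user foo
  access ro /var/scp/firmware
  access rw /var/scp/user-foo
user anonymous
  access w /var/scp/dropbox
user joe
  access rw /home/joe
user fred
  access rw /
user backup
  access ro /
"""
MODES = {"none": set(), "ro": {"read"}, "w": {"write"}, "rw": {"read", "write"}}

def parse(text):
    """Return {section: [(path, allowed_ops), ...]}; section is a user or 'default'."""
    rules, section = {}, None
    for words in filter(None, map(str.split, text.splitlines())):
        if words == ["default"] or (words[0] == "user" and len(words) == 2):
            section = words[-1]
            rules.setdefault(section, [])
        elif words[0] == "access" and section and len(words) > 2 and words[1] in MODES:
            rules[section] += [(posixpath.normpath(p), MODES[words[1]]) for p in words[2:]]
        else:
            raise ValueError(f"bad config line: {words!r}")  # fail closed on typos
    return rules

def covers(rule_path, path):
    # Match whole path components, so /home/joe does not cover /home/joebob.
    return rule_path == "/" or path == rule_path or path.startswith(rule_path + "/")

def allowed(rules, user, op, requested):
    """op is 'read' or 'write'. Assumed semantics: most specific rule wins, else deny."""
    if not requested.startswith("/"):
        return False
    # Lexical cleanup of "..", "." and "//". Symlinks are NOT resolved here; a real
    # subsystem must also open files without following links out of the tree.
    path = posixpath.normpath("/" + requested.lstrip("/"))
    matches = [r for r in rules.get(user, []) + rules.get("default", []) if covers(r[0], path)]
    best = max(matches, key=lambda r: len(r[0]), default=("", set()))
    return op in best[1]

RULES = parse(SCP_CONF)
```

Under these assumed semantics `fred` can write `/etc/hosts` but not `/dev/sda`, because the more specific `default` rule for `/dev` outranks his `rw /`.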