On Mon, 16 May 2022 07:44:26 -0400 Stefano Rivera <stefa...@debian.org> wrote: > Now that openssh 1:9.0p1-1 uses the SFTP protocol by default, uploads to > services using scp are broken.
Note that not all uploads are broken. They are broken when the server side has a forced command that is expecting scp usage. I have this for example: ---- #!/bin/sh case "$SSH_ORIGINAL_COMMAND" in scp\ *) exec scp -p -d -t /srv/deb.freexian.com/extended-lts/incoming ;; chmod\ *) find /srv/deb.freexian.com/extended-lts/incoming -user $(whoami) -type f | xargs --no-run-if-empty chmod 0644 exit 0 ;; *) echo "ERROR: Forbidden command: $SSH_ORIGINAL_COMMAND" echo "This SSH access can only be used to upload Debian packages." exit 1 ;; esac ---- But without the "-O" option, scp will now call /usr/lib/sftp-server and the case will match the third case generating unexpected noise for the SFTP protocol. There's no good way to tweak that script to force sftp-server to be restricted to a specific directory. So either you switch to always "sftp" and do some other setup to restrict sftp (with the Chroot directive), or you switch to "always plain scp" by passing -O when you call scp. Cheers, -- Raphaƫl Hertzog