> There is a whole lot that SSH can do that most people don't know about.
I had to port ssh to embedded hardware decades ago, and pulling back the curtains I came to the opinion that everything was a mess.
for example, I needed to be able to upload/download firmware, and was surprised to find that scp wasn't a pure file transfer protocol. It is more like "log into the remote system via shell and run a file transfer program"
There are lots of other things I didn't like, like wholesale transferring environment variables back and forth, weird shell interactions and more.
It is very useful, but it is an organically grown program, not a designed protocol.
I like the simplicity of controlling everything with a hypothetical scp.conf:
default
access none /dev /sys /proc
user foo
access ro /var/scp/firmware
access rw /var/scp/user-foo
user anonymous
access w /var/scp/dropbox
user joe
access rw /home/joe
user fred
access rw /
user backup
access ro /
You can actually switch the subsystem to `internal-sftp` and configure the visible path via ChrootDirectory, however you still rely on posix user/group privs.
Subsystems are pluggable, so you could write your own subsystem that does enforce whatever config and permission model you want. It's not terribly difficult to do, and you can replace the sftp subsystem entirely.
and just a FYI, currently scp is plumbed over the sftp subsystem, so replacing the sftp subsystem would "fix" scp and sftp clients for you.
I had to port ssh to embedded hardware decades ago, and pulling back the curtains I came to the opinion that everything was a mess.
for example, I needed to be able to upload/download firmware, and was surprised to find that scp wasn't a pure file transfer protocol. It is more like "log into the remote system via shell and run a file transfer program"
There are lots of other things I didn't like, like wholesale transferring environment variables back and forth, weird shell interactions and more.
It is very useful, but it is an organically grown program, not a designed protocol.