Bug 24807

Summary: scp(1) from OpenSSH package doesn't have a "-L" option
Product: Base System Reporter: doc_zero <doc_zero>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.2-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description doc_zero 2001-02-02 22:30:01 UTC 
The -L option available in SSH package from /usr/ports/security/ssh allows
to pass a -P option to ssh when using scp command. This is helpful when doing
a secure copy from a network where a firewall doesn't permit outgoing connections 
on privileged ports. In ssh itself this option is supported as -P and the manpage
reads:      

     -P      Use a non-privileged port for outgoing connections.  This can be
             used if your firewall does not permit connections from privileged
             ports.  Note that this option turns off RhostsAuthentication and
             RhostsRSAAuthentication.

I have included a patch to /usr/src/crypto/openssh/scp.c dated Fri Feb  2.

Sincerely,
Alex.
Comment 1 Peter Pentchev 2001-02-02 22:42:02 UTC 
On Fri, Feb 02, 2001 at 02:24:00PM -0800, doc_zero@hotmail.com wrote:
> 
> >Number:         24807
> >Synopsis:       scp(1) from OpenSSH package doesn't have a "-L" option
> >Responsible:    freebsd-bugs
> >Class:          wish
> >Originator:     Alex Rebrik
> >Release:        4.2-STABLE
> >Organization:
> N/A
> >Environment:
> FreeBSD possessed 4.2-STABLE FreeBSD 4.2-STABLE #0: Thu Jan 11 09:54:23 PST 2001     root@possessed:/usr/src/sys/compile/POSSESSED  i386
> 
> >Description:
> The -L option available in SSH package from /usr/ports/security/ssh allows
> to pass a -P option to ssh when using scp command. This is helpful when doing
> a secure copy from a network where a firewall doesn't permit outgoing connections 
> on privileged ports. In ssh itself this option is supported as -P and the manpage
> reads:      
> 
>      -P      Use a non-privileged port for outgoing connections.  This can be
>              used if your firewall does not permit connections from privileged
>              ports.  Note that this option turns off RhostsAuthentication and
>              RhostsRSAAuthentication.
> 
> I have included a patch to /usr/src/crypto/openssh/scp.c dated Fri Feb  2.
> 
> Sincerely,
> Alex.

I don't think that this is a problem with FreeBSD's SSH per se.
This is an issue you want to take up with the OpenSSH developers
at www.OpenSSH.com (try sending mail to openssh@OpenSSH.com).
However, they'll probably reply that scp can do this, albeit in
a little bit more roundabout way:

scp -o'PrivilegedPort no'

..does the trick for me.

Anyway, I don't think that our OpenSSH maintainer would be too
happy with making almost-gratuitious changes to software that is
developed outside of the FreeBSD source tree.  Try talking to
the folks at OpenSSH.com and tell us what they think about it.

G'luck,
Peter

-- 
What would this sentence be like if pi were 3?
Comment 2 Peter Pentchev freebsd_committer freebsd_triage 2001-02-02 22:50:47 UTC 
State Changed
From-To: open->feedback

Originator advised to talk to OpenSSH developers.
Comment 3 doc_zero 2001-02-03 23:33:21 UTC 
Heh - thanks :)

I'll forward it to OpenSSH, doubdt they would like it though. I knew about 
the -o but then again I'm working on a site where there are a lot of old 
scriupts (bwueh!) that rely on the -L option. Thanks for your comments, for 
now I am building a custom release anyway in which I plan to include my 
patch to scp and a few other things and distribute it to the site here.

Sincerely,
Alex.
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
Comment 4 Peter Pentchev freebsd_committer freebsd_triage 2001-02-04 11:20:09 UTC 
State Changed
From-To: feedback->closed

Originator agrees this is not a problem in the FreeBSD OpenSSH per se.