SFTP plugin instead of SCP on recent OpenSSH versions

[CorentinDeBoisset]

I noticed that on MacOS, the scp executable uses the sftp command on the remote host. This is an extract of the man page:

HISTORY
     scp is based on the rcp program in BSD source code from the Regents of the University of California.

     Since OpenSSH 9.0, scp has used the SFTP protocol for transfers by default.

The OpenSSH version installed on my MacOS (v14.1.1) is OpenSSH_9.4p1

This is not present on the scp executable on Linux (tested on Ubuntu 20.04, openSSH version : OpenSSH_8.2p1 Ubuntu-4ubuntu0.5). However, Ubuntu 23.04 and 23.10 ship with OpenSSH 9.0 so they should show the same symptoms.

That means that with recent versions of OpenSSH such as the one installed by default on MacOS, the plugin to use with scp is sftp. This is quite counter-intuitive, you may want to add a caveat in the documentation.

[speed47]

Hello,

This is correct, and is indeed an OpenSSH change, which will gradually take place on all distros as they update their OpenSSH version.

For now, the scp -O option is supported to ask the OpenSSH client to NOT use sftp but still use plain old scp. At some point (in several years I expect), they'll entirely remove scp.
This is handled in the code here:

the-bastion/bin/plugin/open/scp

Lines 187 to 192 in a458e4b

	elif [ "${1:-}" = "-s" ]; then
	# caller is a newer scp that tries to use the sftp subsystem
	# instead of plain old scp, warn because it won't work
	echo "scphelper: WARNING: your scp version is recent, you need to add '-O' to your scp command-line, exiting." >&2
	exit 1
	else

To get back to your issue, you should have seen the above message if you tried to use scp (a recent version such as the one on your Mac) without the -O parameter. Is your bastion version recent enough?

[speed47]

Closing for inactivity, please reopen if needed