OpenSSH SCP protocol deprecation in Red Hat Enterprise Linux 9

The OpenSSH package that ships with Red Hat Enterprise Linux 9 now uses the SFTP protocol by default for secure file transfer between systems. The SCP protocol is very old and has numerous security risks, and as a result it was finally deprecated with Red Hat Enterprise Linux 9.

Even though it is not recommended, you can enforce the use of the SCP protocol in the scp command-line tool by using the new -O option. From man 1 scp:

   -O      Use the legacy SCP protocol for file transfers instead of the SFTP protocol.  Forcing the use of the SCP protocol may be necessary for servers that do not implement SFTP, for backwards-compatibility for particular filename wildcard patterns and for expanding paths with a ‘~’ prefix for older SFTP servers.

You can completely disable the SCP protocol on the system by creating a file named /etc/ssh/disable_scp. All attempts to use the SCP protocol will fail when this file exists:

server> # touch /etc/ssh/disable_scp
client> # scp file1 server:/tmp
file1                                                                               100% 1338     7.1MB/s   00:00
client> # scp -O file1 server:/tmp
SCP protocol is forbidden via /etc/ssh/disable_scp
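
Before creating /etc/ssh/disable_scp, it helps to know which scripts still pass -O, since those transfers will start failing as shown above. The following is an added example, not part of the original article or of OpenSSH: the function names uses_legacy_scp and find_legacy_scp are hypothetical, the set of value-taking scp flags is an assumption taken from scp(1), and the word splitting is a heuristic that does not interpret shell quoting.

```shell
#!/bin/sh
# Added example, not from the article: flag scp command lines that force the
# legacy SCP protocol (-O) and would fail once /etc/ssh/disable_scp exists.
# uses_legacy_scp LINE: return 0 if LINE runs scp with -O (upper case).
uses_legacy_scp() {
    seen=0 skip=0 legacy=0
    set -f                                # no globbing while splitting LINE
    for w in $1; do
        if [ "$seen" -eq 0 ]; then        # skip ahead to the scp command word
            case $w in scp|*/scp) seen=1 ;; esac
            continue
        fi
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi  # value of prior option
        case $w in
            --) break ;;
            -?*) opts=${w#-} ;;
            *) break ;;                   # first operand: options are over
        esac
        while [ -n "$opts" ]; do          # walk the cluster one flag at a time
            rest=${opts#?}; ch=${opts%"$rest"}; opts=$rest
            case $ch in
                O) legacy=1 ;;
                # Flags that take a value (assumed from scp(1)): the rest of
                # the word, or the next word, is that value and not more flags.
                [cDFiJloPSX]) if [ -z "$opts" ]; then skip=1; fi; opts= ;;
            esac
        done
    done
    set +f
    [ "$legacy" -eq 1 ]
}

# find_legacy_scp FILE...: print file:line for every hit; return 0 if any.
find_legacy_scp() {
    hits=0
    for f in "$@"; do
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            if uses_legacy_scp "$line"; then
                printf '%s:%d: %s\n' "$f" "$n" "$line"
                hits=$((hits + 1))
            fi
        done < "$f"
    done
    [ "$hits" -gt 0 ]
}
[ "$#" -eq 0 ] || find_legacy_scp "$@"    # usage: sh audit.sh SCRIPT...
```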

For more information about the SCP protocol deprecation, please refer to this blog post.
