Date: Mon, 1 Apr 2002 05:38:00 -0500
From: Zvezdan Petkovic
To: freebsd-security@FreeBSD.ORG
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?

On Mon, Apr 01, 2002 at 12:28:30AM -0800, Jason Stone wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > > Well, for one, the fact that you can't copy from one remote host to
> > > another.
> >
> > Wrong, you _CAN_ copy between two remote hosts.
> > scp man page says in the second paragraph of DESCRIPTION:
> >
> > Any file name may contain a host and user specification to indicate that
> > the file is to be copied to/from that host. Copies between two remote
> > hosts are permitted.
> >
> >     scp my.office.machine:file.pdf my.home.machine:
>
> Yes, but it's not what you think - when you did this, what actually
> happened was that the client on the machine you started from did:
>     ssh my.office.machine "scp file.pdf my.home.machine:"
> That is to say, you really just copied the file from office to home
> without it ever touching the machine in the middle. So if the two end
> machines can't see each other, this won't work. And if you can't arrange
> to get the password/key/passphrase for the home machine from the middle
> machine to the office machine, this won't work.
>
>
> -Jason
>

Correct.

Remember though that the original post was that scp man page is not
clear enough. I just tried to show that it is quite clear and correct.
Setting the keys correctly is another matter, but my opinion is that it
is quite clear too for people who read documentation carefully.

Also, the first person in the quote above doesn't claim that copy has to
be over the middle machine. But again, you pointed correctly that if
these two machines do not allow direct connection to each other then the
copying wouldn't work. I don't think scp man page wanted to imply that
it would.

-- 
Zvezdan Petkovic
http://www.cs.wm.edu/~zvezdan/