upstream: Prepare for a future where scp(1) uses the SFTP protocol by

default. Replace recently added -M option to select the protocol with -O
(olde) and -s (SFTP) flags, and label the -s flag with a clear warning that
it will be removed in the near future (so no, don't use it in scripts!).

prompted by/feedback from deraadt@

OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc

2 files changed, 31 insertions, 26 deletions

diff --git a/scp.1 b/scp.1
index c06ecf68..972269af 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.98 2021/08/09 23:56:36 djm Exp $
+.\" $OpenBSD: scp.1,v 1.99 2021/08/10 03:33:34 djm Exp $
 .\"
-.Dd $Mdocdate: August 9 2021 $
+.Dd $Mdocdate: August 10 2021 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -18,14 +18,13 @@
 .Nd OpenSSH secure file copy
 .Sh SYNOPSIS
 .Nm scp
-.Op Fl 346ABCpqRrTv
+.Op Fl 346ABCOpqRrsTv
 .Op Fl c Ar cipher
 .Op Fl D Ar sftp_server_path
 .Op Fl F Ar ssh_config
 .Op Fl i Ar identity_file
 .Op Fl J Ar destination
 .Op Fl l Ar limit
-.Op Fl M Ar scp | sftp
 .Op Fl o Ar ssh_option
 .Op Fl P Ar port
 .Op Fl S Ar program
@@ -112,7 +111,7 @@ Selects the cipher to use for encrypting the data transfer.
 This option is directly passed to
 .Xr ssh 1 .
 .It Fl D Ar sftp_server_path
-When using the experimental SFTP protocol support via
+When using the SFTP protocol support via
 .Fl M ,
 connect directly to a local SFTP server program rather than a
 remote one via
@@ -144,14 +143,12 @@ This option is directly passed to
 .Xr ssh 1 .
 .It Fl l Ar limit
 Limits the used bandwidth, specified in Kbit/s.
-.It Fl M Ar scp | sftp
-Specifies a mode which will be used to transfer files.
-The default is to use the original
-.Cm scp
-protocol.
-Alternately, experimental support for using the
-.Cm sftp
-protocol is available.
+.It Fl O
+Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
+Forcing the use of the SCP protocol may be necessary for servers that do
+not implement SFTP or for backwards-compatibility for particular filename
+wildcard patterns.
+This mode is the default.
 .It Fl o Ar ssh_option
 Can be used to pass options to
 .Nm ssh
@@ -261,6 +258,16 @@ to use for the encrypted connection.
 The program must understand
 .Xr ssh 1
 options.
+.It Fl s
+Use the SFTP protocol for file transfers instead of the legacy SCP protocol.
+Using SFTP provides avoids invoking a shell on the remote side and provides
+more predictable filename handling, as the SCP protocol
+relied on the remote shell for expanding
+.Xr glob 3
+wildcards.
+.Pp
+A near-future release of OpenSSH will make the SFTP protocol the default.
+This option will be deleted before the end of 2022.
 .It Fl T
 Disable strict filename checking.
 By default when copying files from a remote host to a local directory
@@ -290,6 +297,7 @@ debugging connection, authentication, and configuration problems.
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh_config 5 ,
+.Xr sftp-server 8 ,
 .Xr sshd 8
 .Sh HISTORY
 .Nm
diff --git a/scp.c b/scp.c
index 3eda5483..e6935436 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.229 2021/08/09 23:56:36 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.230 2021/08/10 03:33:34 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -448,7 +448,6 @@ main(int argc, char **argv)
 	const char *errstr;
 	extern char *optarg;
 	extern int optind;
-	/* For now, keep SCP as default */
 	enum scp_mode_e mode = MODE_SCP;
 	char *sftp_direct = NULL;
 
@@ -482,7 +481,7 @@ main(int argc, char **argv)
 
 	fflag = Tflag = tflag = 0;
 	while ((ch = getopt(argc, argv,
-	    "12346ABCTdfpqRrtvD:F:J:M:P:S:c:i:l:o:")) != -1) {
+	    "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:")) != -1) {
 		switch (ch) {
 		/* User-visible flags. */
 		case '1':
@@ -517,6 +516,12 @@ main(int argc, char **argv)
 			addargs(&args, "-%c", ch);
 			addargs(&args, "%s", optarg);
 			break;
+		case 'O':
+			mode = MODE_SCP;
+			break;
+		case 's':
+			mode = MODE_SFTP;
+			break;
 		case 'P':
 			sshport = a2port(optarg);
 			if (sshport <= 0)
@@ -526,14 +531,6 @@ main(int argc, char **argv)
 			addargs(&remote_remote_args, "-oBatchmode=yes");
 			addargs(&args, "-oBatchmode=yes");
 			break;
-		case 'M':
-			if (strcmp(optarg, "sftp") == 0)
-				mode = MODE_SFTP;
-			else if (strcmp(optarg, "scp") == 0)
-				mode = MODE_SCP;
-			else
-				usage();
-			break;
 		case 'l':
 			limit_kbps = strtonum(optarg, 1, 100 * 1024 * 1024,
 			    &errstr);
@@ -1987,8 +1984,8 @@ void
 usage(void)
 {
 	(void) fprintf(stderr,
-	    "usage: scp [-346ABCpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
-	    "           [-i identity_file] [-J destination] [-l limit] [-M scp|sftp]\n"
+	    "usage: scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
+	    "           [-i identity_file] [-J destination] [-l limit]\n"
 	    "           [-o ssh_option] [-P port] [-S program] source ... target\n");
 	exit(1);
 }