[GH-ISSUE #436] SFTP plugin instead of SCP on recent OpenSSH versions #115

New issue

Closed

opened 2026-05-07 00:19:07 +02:00 by BreizhHardware · 2 comments

BreizhHardware commented

2026-05-07 00:19:07 +02:00

Owner

Originally created by @CorentinDeBoisset on GitHub (Dec 8, 2023).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/436

I noticed that on MacOS, the scp executable uses the sftp command on the remote host. This is an extract of the man page:

HISTORY
     scp is based on the rcp program in BSD source code from the Regents of the University of California.

     Since OpenSSH 9.0, scp has used the SFTP protocol for transfers by default.

The OpenSSH version installed on my MacOS (v14.1.1) is OpenSSH_9.4p1

This is not present on the scp executable on Linux (tested on Ubuntu 20.04, openSSH version : OpenSSH_8.2p1 Ubuntu-4ubuntu0.5). However, Ubuntu 23.04 and 23.10 ship with OpenSSH 9.0 so they should show the same symptoms.

That means that with recent versions of OpenSSH such as the one installed by default on MacOS, the plugin to use with scp is sftp. This is quite counter-intuitive, you may want to add a caveat in the documentation.

Originally created by @CorentinDeBoisset on GitHub (Dec 8, 2023). Original GitHub issue: https://github.com/ovh/the-bastion/issues/436 I noticed that on MacOS, the `scp` executable uses the `sftp` command on the remote host. This is an extract of the man page: ``` HISTORY scp is based on the rcp program in BSD source code from the Regents of the University of California. Since OpenSSH 9.0, scp has used the SFTP protocol for transfers by default. ``` The OpenSSH version installed on my MacOS (v14.1.1) is `OpenSSH_9.4p1` This is not present on the `scp` executable on Linux (tested on Ubuntu 20.04, openSSH version : `OpenSSH_8.2p1 Ubuntu-4ubuntu0.5`). However, Ubuntu 23.04 and 23.10 ship with OpenSSH 9.0 so they should show the same symptoms. That means that with recent versions of OpenSSH such as the one installed by default on MacOS, the plugin to use with `scp` is `sftp`. This is quite counter-intuitive, you may want to add a caveat in the documentation.

BreizhHardware closed this issue

2026-05-07 00:19:07 +02:00

BreizhHardware commented

2026-05-07 00:19:08 +02:00

Author

Owner

@speed47 commented on GitHub (Jan 19, 2024):

Hello,

This is correct, and is indeed an OpenSSH change, which will gradually take place on all distros as they update their OpenSSH version.

For now, the scp -O option is supported to ask the OpenSSH client to NOT use sftp but still use plain old scp. At some point (in several years I expect), they'll entirely remove scp.
This is handled in the code here:
github.com/ovh/the-bastion@a458e4b63c/bin/plugin/open/scp (L187-L192)

To get back to your issue, you should have seen the above message if you tried to use scp (a recent version such as the one on your Mac) without the -O parameter. Is your bastion version recent enough?

@speed47 commented on GitHub (Jan 19, 2024): Hello, This is correct, and is indeed an OpenSSH change, which will gradually take place on all distros as they update their OpenSSH version. For now, the `scp -O` option is supported to ask the OpenSSH client to NOT use sftp but still use plain old scp. At some point (in several years I expect), they'll entirely remove scp. This is handled in the code here: https://github.com/ovh/the-bastion/blob/a458e4b63c0787ef68d74447381b6e9201999621/bin/plugin/open/scp#L187-L192 To get back to your issue, you should have seen the above message if you tried to use scp (a recent version such as the one on your Mac) without the `-O` parameter. Is your bastion version recent enough?

BreizhHardware commented

2026-05-07 00:19:08 +02:00

Author

Owner

@speed47 commented on GitHub (Apr 10, 2024):

Closing for inactivity, please reopen if needed

@speed47 commented on GitHub (Apr 10, 2024): Closing for inactivity, please reopen if needed

BreizhHardware referenced this issue

2026-05-07 00:19:59 +02:00

[PR #115] [MERGED] doc: add documentation for PIV #248