I just ran a test on my test server at home:
I renamed scp to scp.old.
From a remote box, I ran: scp myhomeboxdef:test.txt test.txt
response: bash: scp: command not found
Hope that helps.
-ME
----- Original Message -----
From: "Damien Miller" <[EMAIL PROTECTED]>
To: "H. Wade Minter" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, March 7, 2001 6:10 AM
Subject: Re: Block scp, allow ssh?
> On Tue, 6 Mar 2001, H. Wade Minter wrote:
>
> > I've got an odd situation that may not have a solution, but I
> > figured I'd ask anyway.
> >
> > Due to corporate requirements, my company's firewall policy blocks
> > outgoing file transfers (FTP puts), but allows FTP gets and outgoing
> > telnet. I don't like using telnet for the obvious reasons, so I
> > suggested they enable outgoing SSH.
> >
> > They did for a few weeks, but killed it recently. When I asked why,
> > they said it was because people can copy files out using scp without
> > the firewall being able to monitor it.
> >
> > So my question is: Is there any way, on a firewall-type level, to
> > block scp traffic, while allowing ssh and slogin? This would allow
> > them to stop file copies, but let secure shells go through.
>
> There is no way to do this. By the time the firewall sees the connection,
> its contents are encrypted.
>
> Furthermore, even if you were to somehow block the specific case of scp,
> it would still be possible to copy files by cat'ing tar files about the
> place. This is not unique to ssh, you can move files easily over just
> about any connection (telnet included) using zmodem or kermit.
>
> -d
>
> --
> | Damien Miller <[EMAIL PROTECTED]> \ ``E-mail attachments are the poor man's
> | http://www.mindrot.org / distributed filesystem'' - Dan Geer
>
>
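
The rename test from the reply, together with the limit Damien Miller describes, reproduced locally as an added example that is not part of the original thread. It relies on the fact that an scp client asks the server to run `scp -f <file>` through the login shell. The sandbox directory, the stand-in `scp` script, and the `remote_exec`, `scp_fetch` and `cat_fetch` helpers are all assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sandbox standing in for the SSH server; nothing touches the network.
SANDBOX=$(mktemp -d)
trap 'rm -rf "$SANDBOX"' EXIT
mkdir "$SANDBOX/bin" "$SANDBOX/home"
printf 'constructed sample\n' > "$SANDBOX/home/test.txt"

# Hypothetical stand-in for the server's scp binary: it only streams the file
# and does not implement the real scp protocol.
cat > "$SANDBOX/bin/scp" <<'EOF'
#!/bin/sh
[ "$1" = "-f" ] && exec cat "$2"
EOF
chmod +x "$SANDBOX/bin/scp"
for c in /bin/cat /usr/bin/cat; do
    [ -x "$c" ] && ln -s "$c" "$SANDBOX/bin/cat" && break
done

# remote_exec CMD: hand CMD to a shell with the "server" PATH, as sshd does
# for a command requested by the client.
remote_exec() {
    ( cd "$SANDBOX/home" && PATH="$SANDBOX/bin" /bin/sh -c "$1" ) 2>/dev/null
}
scp_fetch() { remote_exec "scp -f test.txt"; }  # what `scp host:test.txt .` runs remotely
cat_fetch() { remote_exec "cat test.txt"; }     # same bytes without the scp helper

rc_before=0; scp_fetch >/dev/null || rc_before=$?
mv "$SANDBOX/bin/scp" "$SANDBOX/bin/scp.old"    # the rename tested in the post
rc_after=0;  scp_fetch >/dev/null || rc_after=$?
rc_cat=0;    cat_fetch >/dev/null || rc_cat=$?

echo "scp before rename: exit $rc_before"
echo "scp after rename:  exit $rc_after (127 = command not found)"
echo "cat after rename:  exit $rc_cat"
```

The rename removes only the server-side helper that scp depends on. The command channel still returns the file, so it is not a data-transfer control.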