make scp -3 the default for remote-to-remote copies. It provides a

much better and more intuitive user experience and doesn't require
exposing credentials to the source host.

thanks naddy@ for catching the missing argument in usage()

"Yes please!" - markus@
"makes a lot of sense" - deraadt@
"the right thing to do" - dtucker@

diff --git a/usr.bin/ssh/scp.1 b/usr.bin/ssh/scp.1
index 54285b7..c06ecf6 100644 (file)
--- a/usr.bin/ssh/scp.1
+++ b/usr.bin/ssh/scp.1
@@ -8,9 +8,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.97 2021/08/02 23:38:27 djm Exp $
+.\" $OpenBSD: scp.1,v 1.98 2021/08/09 23:56:36 djm Exp $
 .\"
-.Dd $Mdocdate: August 2 2021 $
+.Dd $Mdocdate: August 9 2021 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -18,7 +18,7 @@
 .Nd OpenSSH secure file copy
 .Sh SYNOPSIS
 .Nm scp
-.Op Fl 346ABCpqrTv
+.Op Fl 346ABCpqRrTv
 .Op Fl c Ar cipher
 .Op Fl D Ar sftp_server_path
 .Op Fl F Ar ssh_config
@@ -80,10 +80,11 @@ The options are as follows:
 Copies between two remote hosts are transferred through the local host.
 Without this option the data is copied directly between the two remote
 hosts.
-Note that this option disables the progress meter and selects batch mode
-for the second host, since
+Note that, when using the legacy SCP protocol (the default), this option
+selects batch mode for the second host as
 .Nm
 cannot ask for passwords or passphrases for both hosts.
+This mode is the default.
 .It Fl 4
 Forces
 .Nm
@@ -239,6 +240,15 @@ original file.
 Quiet mode: disables the progress meter as well as warning and diagnostic
 messages from
 .Xr ssh 1 .
+.It Fl R
+Copies between two remote hosts are performed by connecting to the origin
+host and executing
+.Nm
+there.
+This requires that
+.Nm
+running on the origin host can authenticate to the destination host without
+requiring a password.
 .It Fl r
 Recursively copy entire directories.
 Note that

diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c
index 7bc530c..5ea99c9 100644 (file)
--- a/usr.bin/ssh/scp.c
+++ b/usr.bin/ssh/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.228 2021/08/09 23:49:31 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.229 2021/08/09 23:56:36 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -139,7 +139,7 @@ int showprogress = 1;
  * This is set to non-zero if remote-remote copy should be piped
  * through this process.
  */
-int throughlocal = 0;
+int throughlocal = 1;
 
 /* Non-standard port to use for the ssh connection or -1. */
 int sshport = -1;
@@ -452,7 +452,7 @@ main(int argc, char **argv)
 
        fflag = Tflag = tflag = 0;
        while ((ch = getopt(argc, argv,
-           "12346ABCTdfpqrtvD:F:J:M:P:S:c:i:l:o:")) != -1) {
+           "12346ABCTdfpqRrtvD:F:J:M:P:S:c:i:l:o:")) != -1) {
                switch (ch) {
                /* User-visible flags. */
                case '1':
@@ -474,6 +474,9 @@ main(int argc, char **argv)
                case '3':
                        throughlocal = 1;
                        break;
+               case 'R':
+                       throughlocal = 0;
+                       break;
                case 'o':
                case 'c':
                case 'i':
@@ -1943,7 +1946,7 @@ void
 usage(void)
 {
        (void) fprintf(stderr,
-           "usage: scp [-346ABCpqrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
+           "usage: scp [-346ABCpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
            "           [-i identity_file] [-J destination] [-l limit] [-M scp|sftp]\n"
            "           [-o ssh_option] [-P port] [-S program] source ... target\n");
        exit(1);