@inureyes
Member

Summary

  • Add SCP server handler with sink and source modes for file transfers
  • Implement SCP command parsing with support for -t, -f, -r, -p, -d, -v flags
  • Integrate SCP handling with exec_request for automatic command detection
  • Add comprehensive path traversal prevention for security

Implementation Details

SCP Protocol Handler (src/server/scp.rs)

  • ScpCommand: Parser for SCP command flags and arguments
  • ScpHandler: Main handler implementing the SCP protocol
    • Sink mode (-t): Receives files from the client
    • Source mode (-f): Sends files to the client
    • Recursive transfer (-r): Support for directory transfers
    • Time preservation (-p): Preserves file modification times

Security Features

  • Path traversal prevention (files cannot escape root directory)
  • Filename validation (no /, .., or . as filename)
  • File size limit (10GB max)
  • Symlink handling in recursive transfers (skipped for security)

Configuration

  • New scp_enabled setting in ServerConfig (default: true)
  • Builder method scp_enabled() for programmatic configuration
  • YAML configuration support via scp.enabled

Test Plan

  • Unit tests for SCP command parsing
  • Unit tests for path resolution and traversal prevention
  • Unit tests for handler creation and configuration
  • All existing tests pass
  • Manual testing with scp client (requires running server)

Closes #133

Add SCP (Secure Copy Protocol) server handler that supports:
- Sink mode (-t): Receive files from client (upload)
- Source mode (-f): Send files to client (download)
- Recursive directory transfer (-r)
- Permission preservation (-p)
- Path traversal prevention for security

Key implementation details:
- ScpCommand parser for SCP command detection and flag parsing
- ScpHandler with bidirectional communication via mpsc channels
- Integration with exec_request handler for SCP command detection
- Security: path resolution ensures files stay within root directory
- Configurable via scp_enabled setting in ServerConfig

Closes #133

- Add symlink escape prevention via canonicalization
- Fix TOCTOU race condition in directory creation (atomic mkdir)
- Add max line length limit to prevent DoS via memory exhaustion
- Mask setuid/setgid/sticky bits from file permissions
- Remove unused variable
- Improve error messages to not leak internal paths
- Add structured security audit logging for blocked operations
- Fix clippy while_let_loop warning in SCP handler
- Apply cargo fmt formatting
- Add SCP handler documentation to ARCHITECTURE.md
- Add SCP protocol handler section to server-configuration.md
- Update architecture README to reference SCP handler
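
The checks named under Security Features and in the hardening commit above, shown as an added Rust example (not code from this PR or from src/server/scp.rs): a parser for SCP sink-mode control lines that applies the filename validation, the 10GB size cap, a line-length bound, and setuid/setgid/sticky masking. The type and function names and the 4096-byte line limit are assumptions; the page does not give them.

```rust
// Added example, not the PR's code: names and MAX_LINE_LEN are assumptions.
const MAX_LINE_LEN: usize = 4096; // assumed; the page gives no value
const MAX_FILE_SIZE: u64 = 10 * 1024 * 1024 * 1024; // page: "10GB max" (read here as GiB)

#[derive(Debug, PartialEq)]
pub enum Control {
    File { mode: u32, size: u64, name: String },
    Dir { mode: u32, name: String },
    EndDir,
}

#[derive(Debug, PartialEq)]
pub enum Reject { LineTooLong, Malformed, BadName, TooLarge }
/// A name must be one path component: no "/", not "." or "..", no NUL.
fn valid_name(n: &str) -> bool {
    !n.is_empty() && n != "." && n != ".." && !n.contains('/') && !n.contains('\0')
}

/// Parse one sink-mode control line: "C<mode> <size> <name>", "D<mode> 0 <name>" or "E".
pub fn parse_control(line: &str) -> Result<Control, Reject> {
    if line.len() > MAX_LINE_LEN { return Err(Reject::LineTooLong); } // bound memory first
    let line = line.strip_suffix('\n').unwrap_or(line);
    if line == "E" { return Ok(Control::EndDir); }
    let kind = match line.as_bytes().first().copied() {
        Some(k @ (b'C' | b'D')) => k,
        _ => return Err(Reject::Malformed),
    };
    let mut parts = line[1..].splitn(3, ' '); // the name is the remainder and may hold spaces
    let (mode, size, name) = match (parts.next(), parts.next(), parts.next()) {
        (Some(m), Some(s), Some(n)) => (m, s, n),
        _ => return Err(Reject::Malformed),
    };
    let octal = mode.len() == 4 && mode.bytes().all(|b| (b'0'..=b'7').contains(&b));
    let digits = !size.is_empty() && size.bytes().all(|b| b.is_ascii_digit());
    if !octal || !digits { return Err(Reject::Malformed); }
    // Keep rwx bits only: setuid/setgid/sticky (0o7000) never reach the filesystem.
    let mode = u32::from_str_radix(mode, 8).map_err(|_| Reject::Malformed)? & 0o777;
    let size: u64 = size.parse().map_err(|_| Reject::Malformed)?;
    if !valid_name(name) { return Err(Reject::BadName); }
    if kind == b'D' { return Ok(Control::Dir { mode, name: name.to_string() }); }
    if size > MAX_FILE_SIZE { return Err(Reject::TooLarge); }
    Ok(Control::File { mode, size, name: name.to_string() })
}

fn main() { // constructed sample lines, not captured traffic
    for l in ["C4755 12 payload.bin\n", "C0644 5 ../escape\n", "D0755 0 sub\n", "E\n"] {
        println!("{:?} -> {:?}", l, parse_control(l));
    }
}
```

Name validation of this kind only constrains the control line; a symlink already present under the root still needs the canonicalization check that the hardening commit lists separately.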
@inureyes
Member Author

PR Finalization Report

Project Structure Discovered

  • Project Type: Rust (Cargo.toml)
  • Test Framework: cargo test (standard Rust testing)
  • Documentation System: Plain markdown in docs/architecture/
  • Multi-language Docs: No (English only)
  • Lint Tools: cargo fmt, cargo clippy

Checklist

Tests

  • Analyzed existing test structure (16 SCP-related tests)
  • All existing tests passing (933 tests total)
  • No additional tests needed (comprehensive coverage already exists)

Documentation

  • ARCHITECTURE.md updated - Added SCP handler to SSH Server Module section and file structure
  • docs/architecture/server-configuration.md updated - Added comprehensive SCP Protocol Handler section
  • docs/architecture/README.md updated - Added SCP Handler reference in Server Components

Code Quality

  • cargo fmt: All files formatted
  • cargo clippy: Fixed while_let_loop warning in scp.rs
  • All warnings resolved

Changes Made

  1. src/server/scp.rs: Refactored loop { match ... } to while let pattern to satisfy clippy
  2. src/server/handler.rs: Applied cargo fmt formatting
  3. ARCHITECTURE.md: Added ScpHandler documentation with security features
  4. docs/architecture/server-configuration.md: Added SCP Protocol Handler section with protocol overview, operation modes, flags, security features, configuration, and usage examples
  5. docs/architecture/README.md: Added SCP Handler to Server Components list

Verification Results

cargo fmt --check: OK
cargo clippy -- -D warnings: OK  
cargo test --lib: 933 passed, 0 failed

All checks passing. Ready for merge.

Resolve conflicts between SCP implementation and main branch features:
- Merged scp and security modules in src/server/mod.rs
- Merged SCP and AuthRateLimiter imports in handler.rs
- Merged scp_enabled with security fields in ServerConfig
- Merged SCP and Audit Logging in architecture docs

Integrated features from main:
- Audit logging infrastructure (event, exporter, file, otel, logstash)
- Security module (access control, auth rate limiting)
- Security configuration fields (auth_window, ban_time, IP whitelist)

@inureyes merged commit 822b1fe into main Jan 24, 2026
1 of 2 checks passed
@inureyes deleted the feature/issue-133-scp-server-protocol branch January 24, 2026 10:50
@inureyes self-assigned this Jan 24, 2026
@inureyes added the priority:medium, status:done, and type:enhancement labels Jan 24, 2026

Development

Successfully merging this pull request may close these issues.

Implement SCP server protocol