The allowscp option is intended to restrict users to only being able to scp files to or from the server, and not be able to run commands on the server.
When a user runs scp on their client, an scp command is also run on the server. This runs through rssh (the restricted user’s shell), which attempts to verify the arguments are “secure.” We can control exactly which scp command is run on the server by supplying it as an argument to ssh. If rssh considers our invocation secure, it will execute that command.
Created rssh tracking bugs for this issue:
Affects: epel-all [bug 1671296]
Affects: fedora-all [bug 1671295]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.