
> Edit: To clarify, I understand why you’d want to fix this, for a good depth of defense. I’m just saying I don’t feel any urgency in fixing this.

If you exclusively SCP to servers you control, this is admittedly a low-priority issue.

However, some companies use SCP extensively as a way to exchange data files (as an upgrade from using FTP, and out of frustration from dealing with implicit/explicit FTPS modes). Healthcare and finance come to mind for those use cases.



When someone breaks into your servers, it's still kind of bad. Consider, for one, that the admins risk their laptops getting pwned when getting logs from said boxes. Easy to get from "one compromised server" to bigger problems this way.



