2011-08-30 Motivated by, [0] I finally changed the passphrase of my gpg keys to a much better one. ssh and scp suffer because they don't understand the port number as part of the resource identifier. If service-to-port bindings would be constant, this wouldn't be a thing, but they aren't. Thus ssh/scp's address notation is insufficient. Specifying the port number as separate argument creates many problems: Most visible, but least important is the `-p'/`-P' inconsistency. A real fail is the inability to copy files between two remote machines if both ssh servers listen on non-standard ports: $ scp -P1234 foo.example.org:file bar.example.org: ssh: connect to host bar.example.org port 22: Connection refused lost connection Next: Every tool which supports ssh resource identifiers needs to support `-p/-P' arguments and pass them through. debsign(1) and debrsign(1) are ones which don't. (They caused this text.) Okay, people say that this can be solved with `ssh_config', but that's only a hack, no real solution. The port number needs to be part of the identifier, as shown by mercurial. This is mercurial's way of specifying an ssh resource: ssh://[user[:pass]@]host[:port]/[path] Protocol -- identity -- host -- port -- path. That's how ssh and scp should have done it too. A resource iden- tifier need to be *one* entity -- the extrapolation of the file name to a path name, and further augmented by the host, the service/protocol, the port and the user's identity. With such resource identifiers, this would be possible: $ better-scp foo.example.org:1234//etc/motd bar.example.org:9876//tmp $ debrsign example.org:4567 foo.changes But unfortunately, both are not. [0] http://xkcd.com/936/ http://marmaro.de/lue/ markus schnalke