| Summary: | scp fails between two ends using password authentication | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Petr Lautrbach <plautrba> |
| Component: | scp | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED FIXED | ||
| Severity: | enhancement | CC: | djm, t8m |
| Priority: | P5 | ||
| Version: | 6.4p1 | ||
| Hardware: | Other | ||
| OS: | Linux | ||
It's probably somehow related to reopened https://bugzilla.mindrot.org/show_bug.cgi?id=1837 ping Do you have any opinion on this? Specifying -t may make the channel running scp no longer 8 bit clean. scp now supports the -3 option for remote to remote transfers. AFAIK it solves this problem closing resolved bugs as of 8.6p1 release |
If an user try to run scp with two remote ends using password authentication, the second attempt fails: $ scp -v -o PreferredAuthentications=password host-1:/tmp/a host-2:/tmp/ Executing: /usr/bin/ssh -x -oClearAllForwardings=yes -n -v -o PreferredAuthentications=password -- host-1 scp -v /tmp/a host-2:/tmp/ ... plautrba@host-1's password: debug1: Authentication succeeded (password). Authenticated to host-1 ([127.0.0.1]:22). ... Executing: program /usr/bin/ssh host host-2, user (unspecified), command scp -v -t /tmp/ ... debug1: Next authentication method: password debug1: read_passphrase: can't open /dev/tty: No such device or address debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password Permission denied, please try again. The problem is in scp.c: toremote() which always uses "-n" for standard remote to remote. Consequently, stdin is redirected to /dev/null and a remote ssh can't ask for another password. As a fix I'd propose to use the patch from RHEL: --- a/scp.c +++ b/scp.c @@ -638,7 +638,10 @@ toremote(char *targ, int argc, char **argv) addargs(&alist, "%s", ssh_program); addargs(&alist, "-x"); addargs(&alist, "-oClearAllForwardings=yes"); - addargs(&alist, "-n"); + if (isatty(fileno(stdin))) + addargs(&alist, "-t"); + else + addargs(&alist, "-n");