Bug 2133 - scp fails between two ends using password authentication
Summary: scp fails between two ends using password authentication
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: scp (show other bugs)
Version: 6.4p1
Hardware: Other Linux
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-30 00:06 AEST by Petr Lautrbach
Modified: 2021-04-23 15:04 AEST (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Lautrbach 2013-07-30 00:06:18 AEST
If an user try to run scp with two remote ends using password authentication, the second attempt fails:

$ scp -v -o PreferredAuthentications=password host-1:/tmp/a host-2:/tmp/
Executing: /usr/bin/ssh -x -oClearAllForwardings=yes -n -v -o PreferredAuthentications=password -- host-1 scp -v /tmp/a host-2:/tmp/
...
plautrba@host-1's password: 
debug1: Authentication succeeded (password).
Authenticated to host-1 ([127.0.0.1]:22).
...
Executing: program /usr/bin/ssh host host-2, user (unspecified), command scp -v -t /tmp/
...
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.


The problem is in scp.c: toremote() which always uses "-n" for standard remote to remote. Consequently, stdin is redirected to /dev/null and a remote ssh can't ask for another password.

As a fix I'd propose to use the patch from RHEL:

--- a/scp.c
+++ b/scp.c
@@ -638,7 +638,10 @@ toremote(char *targ, int argc, char **argv)
                        addargs(&alist, "%s", ssh_program);
                        addargs(&alist, "-x");
                        addargs(&alist, "-oClearAllForwardings=yes");
-                       addargs(&alist, "-n");
+                       if (isatty(fileno(stdin)))
+                               addargs(&alist, "-t");
+                       else
+                               addargs(&alist, "-n");
Comment 1 Petr Lautrbach 2013-07-30 00:11:07 AEST
It's probably somehow related to reopened https://bugzilla.mindrot.org/show_bug.cgi?id=1837
Comment 2 Petr Lautrbach 2014-01-07 03:32:22 AEDT
ping

Do you have any opinion on  this?
Comment 3 Damien Miller 2019-01-23 20:19:10 AEDT
Specifying -t may make the channel running scp no longer 8 bit clean.

scp now supports the -3 option for remote to remote transfers. AFAIK it solves this problem
Comment 4 Damien Miller 2021-04-23 15:04:33 AEST
closing resolved bugs as of 8.6p1 release