sftp login fails with sftp user@[ip] in OpenSSH 7.9. For example: sftp root@[127.0.0.1]
Logging in to a host with an IPv6 address has the same problem. For example: sftp root@[2000:188:188:188::180]
What options did you give to configure? Can you provide some more information about the platform? Linux/x86 covers a lot of ground. Please attach (via "add an attachment") both the server-side debug log and the client debug log. You can create this by running "/path/to/sshd -p222 -ddde" on the server and adding "-oPort=222 -vvv" to the sftp command line.
platform information: 3.10.0-693.21.1.el7.x86_64 #1 SMP Thu Apr 18 19:26:34 CST 2019 x86_64 x86_64 x86_64 GNU/Linux

client output:
[root@localhost ~]# sftp -oPort=222 -vvv root@[127.0.0.1]
OpenSSH_7.9p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 53: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 2: include /etc/crypto-policies/back-ends/openssh.config matched no files
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug2: resolving "[127.0.0.1]" port 222
/etc/host.conf: line 1: bad command `nospoof on'
ssh: Could not resolve hostname [127.0.0.1]: Name or service not known
Connection closed.
Connection closed

server output:
[root@localhost ~]# /usr/sbin/sshd -p222 -ddde
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 1237
debug2: parse_server_config: config /etc/ssh/sshd_config len 1237
debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:40 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:46 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:55 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:63 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:68 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:72 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:73 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:77 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:87 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:88 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:104 setting UsePAM yes
debug3: /etc/ssh/sshd_config:115 setting PrintMotd no
debug3: /etc/ssh/sshd_config:135 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:136 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:137 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:138 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:141 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug3: /etc/ssh/sshd_config:149 setting Ciphers aes128-ctr,aes192-ctr,aes256-ctr
debug3: /etc/ssh/sshd_config:150 setting Protocol 2
debug2: /etc/ssh/sshd_config line 150: Deprecated option Protocol
debug3: /etc/ssh/sshd_config:151 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:152 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:153 setting MaxAuthTries 4
debug3: /etc/ssh/sshd_config:154 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:155 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:156 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:157 setting PermitUserEnvironment no
debug3: /etc/ssh/sshd_config:158 setting ClientAliveInterval 300
debug3: /etc/ssh/sshd_config:159 setting ClientAliveCountMax 0
debug3: /etc/ssh/sshd_config:160 setting LoginGraceTime 60
debug3: /etc/ssh/sshd_config:161 setting Banner /etc/issue.net
debug3: /etc/ssh/sshd_config:162 setting KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
debug3: kex names ok: [curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521]
debug1: sshd version OpenSSH_7.9, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:JNXgm/Hu3ggGJt7D36qlpfTnviRDrvFyY91fgUdFCDQ
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:gOJ3z2IFidxCFIROUfil58OBUa0f/6TTrsNTmu7blG4
debug1: private host key #2: ssh-ed25519 SHA256:H5tKtOabvsEjiVLCEpmrRhTk0U5Njpxz86OUff4MX20
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p222'
debug1: rexec_argv[2]='-ddde'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 222 on ::.
Server listening on :: port 222.
(In reply to guo chuang from comment #3)
[...]
> debug2: resolving "[127.0.0.1]" port 222
> /etc/host.conf: line 1: bad command `nospoof on'
> ssh: Could not resolve hostname [127.0.0.1]: Name or service not known
> Connection closed.

Looks like you have the client's resolver misconfigured. The debug shows the server never receives a connection.
First of all, I also think that it has nothing to do with the server. I think the sftp client code cannot filter the "[]" characters out of the string in [ip], which prevents the correct IP from being used to establish the connection. In addition, using the sftp client of OpenSSH 7.6 in the same environment works normally, so I suspect that the sftp client's processing is problematic.
ah, ok, I didn't get that it was specifically about the square brackets. I can reproduce locally, I'll take a look.
I bisected it and it stopped working at:

887669ef032d63cf07f53cada216fa8a0c9a7d72 is the first bad commit
commit 887669ef032d63cf07f53cada216fa8a0c9a7d72
Author: millert@openbsd.org <millert@openbsd.org>
Date:   Sat Oct 21 23:06:24 2017 +0000

    upstream commit

    Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type.

    OK djm@

    Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
I think I see what happened. sftp's command line parsing does this:

    if (parse_user_host_path(*argv, &user, &host, &file1) == -1) {
        /* Treat as a plain hostname. */
        host = xstrdup(*argv);
        host = cleanhostname(host);
    }

cleanhostname() removes the square brackets by looking at the first and last characters, but in your example it'll get the username too and so do nothing.
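The parsing gap described above, as an added example that is not code from this thread or from OpenSSH: strip_brackets() stands in for cleanhostname(), host_buggy() reproduces the 7.9 fallback, and host_fixed() splits user@host at the last '@' before stripping the brackets (all names are the example's own).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors what OpenSSH's cleanhostname() does: drop one pair of square
 * brackets, but only when they are the very first and last characters. */
static char *strip_brackets(char *s)
{
	size_t n = strlen(s);
	if (n >= 2 && s[0] == '[' && s[n - 1] == ']') {
		s[n - 1] = '\0';
		return s + 1;
	}
	return s;
}

/* The 7.9 fallback: the whole target is handed to the bracket stripper.
 * For "root@[127.0.0.1]" the first character is 'r', so the brackets
 * survive and the resolver is later asked for "[127.0.0.1]". */
char *host_buggy(const char *target)
{
	char *copy = strdup(target), *host = strdup(strip_brackets(copy));
	free(copy);
	return host;
}

/* Fixed fallback: split at the last '@' first (a user name may contain
 * '@', an address literal never does), then strip brackets from the host
 * part only. *userp (if non-NULL) gets the user or NULL. Both malloc'd. */
char *host_fixed(const char *target, char **userp)
{
	char *copy = strdup(target), *at = strrchr(copy, '@'), *host;
	if (at != NULL)
		*at++ = '\0';
	if (userp != NULL)
		*userp = at != NULL ? strdup(copy) : NULL;
	host = strdup(strip_brackets(at != NULL ? at : copy));
	free(copy);
	return host;
}

int main(void)
{
	char *user, *h1 = host_buggy("root@[127.0.0.1]");
	char *h2 = host_fixed("root@[2000:188:188:188::180]", &user);
	printf("buggy: %s\nfixed: user=%s host=%s\n", h1, user, h2);
	free(h1); free(h2); free(user);
	return 0;
}
```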
Created attachment 3273 [details] Check for user@host when parsing sftp target. Please try this patch, which should fix it. It's against -current, but should apply to 7.9p1.
In fact, I also tried to fix it before, the patch is as follows: int in, out, ch, err, tmp, port = -1; - char *host = NULL, *user, *cp, *file2 = NULL; + char *host = NULL, *user, *userhost, *cp, *file2 = NULL; int debug_level = 0, sshver = 2; char *file1 = NULL, *sftp_server = NULL; char *ssh_program = _PATH_SSH_PROGRAM, *sftp_direct = NULL; @@ -2496,8 +2496,24 @@ default: if (parse_user_host_path(*argv, &user, &host, &file1) == -1) { + /* Treat as a plain hostname. */ - host = xstrdup(*argv); + userhost = xstrdup(*argv); + if ((host = strrchr(userhost, '@')) == NULL) + host = userhost; + else { + *host++ = '\0'; + if (!userhost[0]) { + fprintf(stderr, "Missing username\n"); + usage(); + + } + + //because *host++='\0',so then userhost str include username. + user=userhost; + + } The above patch self-test is ok 。 + host = cleanhostname(host); } break;
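Review bot: in the else branch, `user=userhost;` makes `user` alias the same xstrdup() buffer that `host` now points into (after `*host++ = '\0'`), so freeing either string later invalidates the other; copy the user part with xstrdup() instead. Style in the same branch does not match the surrounding KNF code: use a `/* */` comment rather than `//because *host++='\0',so ...`, put spaces around `=` in `user=userhost;`, and drop the stray blank `+` lines. The hunk also adds `/* Treat as a plain hostname. */` as a new line although that comment already exists in sftp.c, which suggests the diff was hand-edited; regenerate it with diff -u so it applies cleanly.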
See also: https://bugzilla.mindrot.org/show_bug.cgi?id=2899
(In reply to Jakub Jelen from comment #11)
> See also:
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=2899

I think it should have nothing to do with this bug. This patch has been incorporated in openssh 7.9, and this patch only affects scp.
(In reply to Darren Tucker from comment #9)
> Created attachment 3273 [details]
> Check for user@host when parsing sftp target.
>
> Please try this patch, which should fix it. It's against -current,
> but should apply to 7.9p1.

1. I tried this patch and the problem still exists. Have you ever tested before?
2. I think this patch does not seem to handle the square brackets in [ip].
3. Also, I have submitted a patch to github. The patch link is as follows: https://github.com/guochuang2008/opensshportable/commit/a5642196dcf5067d91dabaa03e0bc6cb90118be4
4. Please find time to help review the patch I submitted. Thank you!
(In reply to guo chuang from comment #13)
[...]
> 1. I tried this patch and the problem still exists.

Did you run the newly patched binary?

> Have you ever tested before?

Yes, built against -current. Just retested it with 7.9p1 and it also seems to work for me:

$ ./sftp root@[127.0.0.1]
ssh: Could not resolve hostname [127.0.0.1]: Name or service not known
Connection closed.
Connection closed
$ patch -p0 <~/tmp/sftp-host-squarebracket.patch
patching file sftp.c
$ make
[...]
$ ./sftp root@[127.0.0.1]
Connected to 127.0.0.1.

Do you have a different test case?
(In reply to Darren Tucker from comment #14)
> (In reply to guo chuang from comment #13)
> [...]
> > 1. I tried this patch and the problem still exists.
>
> Did you run the newly patched binary?
>
> > Have you ever tested before?
>
> Yes, built against -current. Just retested it with 7.9p1 and it
> also seems to work for me:
>
> $ ./sftp root@[127.0.0.1]
> ssh: Could not resolve hostname [127.0.0.1]: Name or service not
> known
> Connection closed.
> Connection closed
> $ patch -p0 <~/tmp/sftp-host-squarebracket.patch
> patching file sftp.c
> $ make
> [...]
> $ ./sftp root@[127.0.0.1]
> Connected to 127.0.0.1.
>
> Do you have a different test case?

1. First of all, please help me to confirm that the patch I am applying is correct. The patch is as follows:

diff -aruN openssh-7.9p1-org/sftp.c openssh-7.9p1/sftp.c --- openssh-7.9p1-org/sftp.c 2019-04-29 14:35:19.097608142 +0800 +++ openssh-7.9p1/sftp.c 2019-04-29 14:57:42.013557705 +0800
@@ -2495,11 +2495,16 @@ break; default: if (parse_user_host_path(*argv, &user, &host, - &file1) == -1) { - /* Treat as a plain hostname. */ - host = xstrdup(*argv); - host = cleanhostname(host); - } + &file1) == 0) + break; + + if (parse_user_host_path(*argv, &user, &host,NULL) + == 0) + break; + + /* Treat as a plain hostname. */ + host = xstrdup(*argv); + host = cleanhostname(host); break; } file2 = *(argv + 1);

2. If the above patch does not have an application problem, the binary I used should be correct. Because I used gdb to debug the sftp code, the patch code has been reflected in the new binary. The specific debugging information is as follows:

(gdb) list 2497
2492 case 0:
2493 if (tmp != -1)
2494 port = tmp;
2495 break;
2496 default:
2497 if (parse_user_host_path(*argv, &user, &host,
2498 &file1) == 0)
2499 break;
2500
2501 if (parse_user_host_path(*argv, &user, &host,NULL)
(gdb) list 2500
2495 break;
2496 default:
2497 if (parse_user_host_path(*argv, &user, &host,
2498 &file1) == 0)
2499 break;
2500
2501 if (parse_user_host_path(*argv, &user, &host,NULL)
2502 == 0)
2503 break;
2504
(gdb) n
2506 host = xstrdup(*argv);
(gdb) n
2507 host = cleanhostname(host);
(gdb) n
2512 if (!*host) {
(gdb) n
2510 file2 = *(argv + 1);
(gdb) n
2512 if (!*host) {

3. My test case is as follows: sftp root@[127.0.0.1]
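Review bot: the second call `parse_user_host_path(*argv, &user, &host,NULL)` is the same parser with only the path output dropped, and the gdb trace stepping straight to line 2506 (`host = xstrdup(*argv);`) shows it also fails for `root@[127.0.0.1]`, so the fallback still hands the full `user@[host]` string to cleanhostname(), which only strips brackets when they are the first and last characters. The fallback needs to split the user off at the last '@' before calling cleanhostname(), or use a parser that accepts user@host with no path. Minor: add a space after the comma in `&host,NULL`.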
Yeah that's it. I don't understand why you're seeing different results to what I am :-(

$ git checkout V_7_9_P1
HEAD is now at aede1c34 Require OpenSSL 1.1.x series 1.1.0g or greater
$ git status
HEAD detached at V_7_9_P1
nothing to commit, working tree clean
$ lynx -source 'https://bugzilla.mindrot.org/attachment.cgi?id=3273' | patch -p0
patching file sftp.c
Hunk #1 succeeded at 2494 (offset 16 lines)
$ autoreconf && ./configure && make -j4 && sudo make install
[...]
$ ./sftp -v root@[127.0.0.1]
OpenSSH_7.9p1, OpenSSL 1.1.0g 2 Nov 2017
[...]
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
[...]
root@127.0.0.1's password:
Looking at your gdb output, it appears that you have hand-applied the patch and not removed the lines that were supposed to be deleted:

> - if (parse_user_host_path(*argv, &user, &host,
> - &file1) == -1) {

is supposed to be gone, but your gdb output includes it:

> (gdb) list 2500
> 2495 break;
> 2496 default:
> 2497 if (parse_user_host_path(*argv, &user, &host,
> 2498 &file1) == 0)

I think this is why it isn't working for you.
Darren's patch was committed in June and will be included in OpenSSH 8.1, due soon.
Closing all resolved bugs with the release of openssh-8.2