[Bug 2133] New: scp failes between two ends using password authentication

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jul 30 00:06:18 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2133

            Bug ID: 2133
           Summary: scp failes between two ends using password
                    authentication
           Product: Portable OpenSSH
           Version: 6.2p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: scp
          Assignee: unassigned-bugs at mindrot.org
          Reporter: plautrba at redhat.com

If an user try to run scp with two remote ends using password
authentication, the second attempt fails:

$ scp -v -o PreferredAuthentications=password host-1:/tmp/a
host-2:/tmp/
Executing: /usr/bin/ssh -x -oClearAllForwardings=yes -n -v -o
PreferredAuthentications=password -- host-1 scp -v /tmp/a host-2:/tmp/
...
plautrba at host-1's password: 
debug1: Authentication succeeded (password).
Authenticated to host-1 ([127.0.0.1]:22).
...
Executing: program /usr/bin/ssh host host-2, user (unspecified),
command scp -v -t /tmp/
...
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.


The problem is in scp.c: toremote() which always uses "-n" for standard
remote to remote. Consequently, stdin is redirected to /dev/null and a
remote ssh can't ask for another password.

As a fix I'd propose to use the patch from RHEL:

--- a/scp.c
+++ b/scp.c
@@ -638,7 +638,10 @@ toremote(char *targ, int argc, char **argv)
                        addargs(&alist, "%s", ssh_program);
                        addargs(&alist, "-x");
                        addargs(&alist, "-oClearAllForwardings=yes");
-                       addargs(&alist, "-n");
+                       if (isatty(fileno(stdin)))
+                               addargs(&alist, "-t");
+                       else
+                               addargs(&alist, "-n");

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list