OpenSSH/scp ->> F-Secure SSH server Problems

Thu Mar 8 02:57:13 EST 2001

Thanks for your reply, Ben.

If I'm reading your response correctly, 'scp' actually uses SSH1 protocol to
transfer files.  My assumption was that 'scp', by using the 'ssh' client,
would operate based on the settings in the /etc/ssh/ssh_config file.  In
this file the site-wide default settings I have "Protocol 2", that is that
the 'ssh' client would always use SSH2 protocol unless I specify SSH1
protocol at the command line.  I guess I was wrong here.  However, reading
the 'man' pages for 'scp' and 'ssh' would lead to the conclusion that is
possible.  To satisfy my curiosity, I tried using the scp '-o' option to
pass the '-2' option to 'ssh' -- which forces 'ssh' to force SSH2.  The
result:

$ scp -o -2 fci07230.998 ricardo at 205.215.35.38:
command-line: line 0: Bad configuration option: -2
lost connection

I guess this means that scp will not allow the use of '-2' for the transfer,
correct?  Perhaps the 'scp' man page needs to explicitly state the
limitation that it can only use SSH1.  I was unaware that there was a
different implementation of secure copy that allowed the use of SSH2 (that
is, scp2).

-Ricardo

-----Original Message-----
From: mouring at etoh.eviladmin.org [mailto:mouring at etoh.eviladmin.org]
Sent: Wednesday, March 07, 2001 10:20 AM
To: Davis, Ricardo C.
Cc: 'Antti Akonniemi'
Subject: RE: OpenSSH/scp ->> F-Secure SSH server Problems

OpenSSH will allow for authentication because scp2 like scp and sftp
uses the 'ssh' program to create the secure connection.  Thus allowing
scp2, scp, and sftp to be non-setuid root binaries.

There is talk about implementing scp2 for OpenSSH, but I think that
features first need to be added to sftp before we write an scp2 wrapper
around sftp.

Hopefully in the near future we will have scp2 support.  We just acquired
sftp client support within the last month.

- Ben

On Wed, 7 Mar 2001, Davis, Ricardo C. wrote:

> Thanks VERY much, Antti!  We've been working on this problem since Friday
> with no success.  I'll do some testing with the OpenSSH 'sftp' client in
our
> scripts to see if can make it work for our needs.
> 
> 
> -Ricardo
> 
> -----Original Message-----
> From: Antti Akonniemi [mailto:Antti.Akonniemi at F-Secure.com]
> Sent: Wednesday, March 07, 2001 4:24 AM
> To: Davis, Ricardo C.
> Subject: Re: OpenSSH/scp ->> F-Secure SSH server Problems
> 
> 
> Ok here's what I found in testing:
> 
> OpenSSH's scp seems not be SSH2 compatible
> OpenSSH's sftp seems to work without any problems (use this)
> 
> I'm still puzzled how the scp let's you authenticate your self.. but the
> problem seems to be still on the openssh side.
> 
> Hope this helped,
> 
> Antti
> 
> "Davis, Ricardo C." wrote:
> > 
> > Hi,
> > 
> > Is there some know problem between the 'scp' client in OpenSSH 2.5.1p1
and
> > F-Secure's SSH 2.4.0 server?  The client is running on a Linux (2.2.17)
> box
> > and server is running on Win2K.  When I try to transfer files it asks me
> for
> > the password (which I provide) then it hangs.  Using 'scp -v' didn't
> provide
> > any helpful info; it's as though the problem happened before the
> > authentication completed.  I've looked through both the openssh-unix-dev
> and
> > secure-shell list archives and I haven't seen any issue between the two.
> > 
> > -Ricardo
> 
> 