bug in scp (maybe)
Andy Tsouladze
andyb1 at andy-t.org
Mon Jan 20 16:38:45 EST 2014
Hello,
While playing around with various openssh features and options, I tried to
use `scp -3' which copies files between two remote systems. It works fine
if password is not required for either SRC or DEST systems, and if
password is required only for one remote system (either SRC or DEST). The
problem happens only if both SRC and DEST systems require a password.
Here is a session:
----------------------------
scp -3 andyt2 at majesty:/etc/group andyt2 at mate:/tmp/group
andyt2 at majesty's password: andyt2 at mate's password:
XXXXXX
---------------------------
As you can see, after the command is started, both remote systems prompt
for a password on the same line. So I enter a password for user andyt2
and press ENTER. What happens next is probably a bug. Line advances, and
nothing at all happens. So I am assuming that now the second system is
waiting for a password. I enter it, and it appears in the terminal in
cleartext (substituted here with XXXXXX). The command then proceeds and
finishes successfully.
A workaround I found is to simply press ENTER instead of typing a second
password. Then, you get an error saying the password is incorrect, and
a new, normal password prompt appears. Enter the password, and this time,
it is not visible.
This is what it looks like:
----------------------------
andyt at king: andyt> scp -3 andyt2 at majesty:/etc/group andyt2 at mate:/tmp/group
andyt2 at majesty's password: andyt2 at mate's password:
Permission denied, please try again.
andyt2 at mate's password:
----------------------------
I imagine a similar problem may exist if a user is prompted for a
passphrase.
System info:
All three systems run Slackware ver. 14.0, openssh-6.4.
Please let me know if further clarification or test runs are needed.
Regards,
Andy
Dr Andy Tsouladze
Sr Unix/Storage/Security SysAdmin
PWD=`cat /dev/urandom | sed 's/[^\x21-\x7f]//g' | head -c 14`
More information about the openssh-unix-dev
mailing list