[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-unix-dev
Subject:    bug in scp (maybe)
From:       Andy Tsouladze <andyb1 () andy-t ! org>
Date:       2014-01-20 5:38:45
Message-ID: alpine.LNX.2.02.1401192314190.26637 () mate ! andy-t ! org
[Download RAW message or body]

Hello,

While playing around with various openssh features and options, I tried to 
use `scp -3' which copies files between two remote systems.  It works fine 
if password is not required for either SRC or DEST systems, and if 
password is required only for one remote system (either SRC or DEST).  The 
problem happens only if both SRC and DEST systems require a password. 
Here is a session:

----------------------------
scp -3 andyt2@majesty:/etc/group andyt2@mate:/tmp/group
andyt2@majesty's password: andyt2@mate's password:
XXXXXX

---------------------------
As you can see, after the command is started, both remote systems prompt 
for a password on the same line.  So I enter a password for user andyt2 
and press ENTER.  What happens next is probably a bug.  Line advances, and 
nothing at all happens.  So I am assuming that now the second system is 
waiting for a password.  I enter it, and it appears in the terminal in 
cleartext (substituted here with XXXXXX).  The command then proceeds and 
finishes successfully.

A workaround I found is to simply press ENTER instead of typing a second 
password.  Then, you get an error saying the password is incorrect, and 
a new, normal password prompt appears.  Enter the password, and this time, 
it is not visible.

This is what it looks like:

----------------------------
andyt@king: andyt> scp -3 andyt2@majesty:/etc/group andyt2@mate:/tmp/group
andyt2@majesty's password: andyt2@mate's password:


Permission denied, please try again.
andyt2@mate's password:
----------------------------

I imagine a similar problem may exist if a user is prompted for a 
passphrase.

System info:

All three systems run Slackware ver. 14.0, openssh-6.4.

Please let me know if further clarification or test runs are needed.

Regards,

Andy

Dr Andy Tsouladze
Sr Unix/Storage/Security SysAdmin
PWD=`cat /dev/urandom | sed 's/[^\x21-\x7f]//g' | head -c 14`
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic