Red Hat Bugzilla – Full Text Bug Listing
|Summary:||(PATCH)Openssh authentication is buggy|
|Product:||[Fedora] Fedora||Reporter:||Alan Cox <alan>|
|Component:||openssh||Assignee:||Tomas Mraz <tmraz>|
|Status:||CLOSED RAWHIDE||QA Contact:||Brian Brock <bbrock>|
|Version:||3||CC:||chris.ricker, dgunchev, eandres, forresttaylor2000, k.georgiou, mal, menscher, p.van.egdom, redhat-bugzilla, ronny-rhbugzilla, t8m, wtogami|
|Fixed In Version:||openssh-3.9p1-11||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-03-15 04:33:30 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||123268, 136451|
Description Alan Cox 2003-08-29 08:26:47 EDT
Description of problem: On a beta box scp root@box1:file root@box2:file It asks for the password of box, it then prints "Permission denied" 3 times without asking for the root password of box2.
Comment 1 Bill Nottingham 2003-10-21 16:39:04 EDT
Does this happen with test3?
Comment 2 Alan Cox 2003-10-21 16:45:31 EDT
It does. Simple example scp firstname.lastname@example.org:/etc/motd email@example.com:/tmp/foo Asks password for one side then displays Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password,keyboard-interactive).
Comment 3 Forrest 2003-10-29 17:36:47 EST
This is a problem not only with the betas, but with many versions of Red Hat. I tried this: scp root@localhost:/etc/motd root@localhost:/tmp/foo It asks for the first password, but fails on the second. I verified this on Red Hat 7.2, 7.3, 8.0, 9, AS 2.1 and both betas. I created an ssh key, and then I see in the logs that it authenticates twice. The question is--has this ever worked with openssh?
Comment 4 Forrest 2003-10-29 17:39:48 EST
To clarify: scp /etc/motd root@localhost:/tmp/foo works where: scp root@localhost:/etc/motd root@localhost:/tmp/foo does not. It does state in the man page that it is possible to use two remote hosts.
Comment 5 Damian Menscher 2003-11-12 18:34:20 EST
I see something similar on a RH7.3 (fully patched) box. It's trying to run the ssh-askpass program and that fails if your $DISPLAY is wrong/unset. The thing I don't understand is why it's trying to run that program. The ssh manpage says it runs $SSH_ASKPASS if you're not running ssh from a terminal. But xterm *is* a terminal (last I checked) so that should not be happening. Really stumped on this one.
Comment 6 Damian Menscher 2003-11-12 19:41:10 EST
Ok, so my problem was incorrect permissions on /dev/tty, so it's not directly related to this bug. However, I learned something that may explain what you guys are seeing. If you're not running from a terminal then it uses the $SSH_ASKPASS program. When you're trying to scp a box between two remote boxes, the connection between them doesn't have a terminal, right? I can't say for sure, but I think I might be on to the root of the problem. Good luck!
Comment 7 Alan Cox 2004-03-11 18:31:02 EST
Still present in Fedora Core 2 test 1
Comment 8 Alan Cox 2004-04-21 13:26:49 EDT
Still present in Fedora Core 2 test 2
Comment 9 Eric Andresen 2004-06-22 15:36:00 EDT
It might be interesting to note that this does not occur when authenticating with gssapi (using the OpenSSH GSSAPI patch). It still occurs if you use keypair authentication. This gives some confirmation to it being ASKPASS related.
Comment 10 Robert Scheck 2004-08-17 21:45:39 EDT
Bug is still present in openssh-3.8.1p1-5: # scp root@localhost:/etc/motd root@localhost:/tmp/foo root@localhost's password: Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password,keyboard-interactive). lost connection #
Comment 11 Chris Ricker 2004-08-25 10:36:01 EDT
Just to complicate things, here's what I see with FC2. Using password-based authentication fails with bogus key-verification errors: $ scp root@localhost:/etc/passwd root@localhost:/tmp/passwd root@localhost's password: Host key verification failed. lost connection $ The host key *is* correct in the above Using key-based authentication works: $ rm /tmp/passwd $ scp localhost:/etc/passwd localhost:/tmp/passwd $ ls -l /tmp/passwd -rw-r--r-- 1 kaboom kaboom 1942 Aug 25 10:35 /tmp/passwd $
Comment 12 Tomas Mraz 2004-09-14 08:59:46 EDT
Created attachment 103825 [details] Proposed patch This was really easy to fix. Note however that I don't know if it doesn't have any unwanted side effects. Also note that if you try this: scp firstname.lastname@example.org:/xxxxx anyone@localhost:/bbbbbb it will do something else than what you thought it should do, because it will copy the /xxxxx file to the localhost on the remote machine not on the machine you have typed the command on.
Comment 13 Ronny Buchmann 2004-10-19 13:38:36 EDT
*** Bug 121568 has been marked as a duplicate of this bug. ***
Comment 14 Alan Cox 2004-10-22 08:36:38 EDT
Still broken over a year late in FC3test3 despite a patch in the bug