Bug 2027572

Summary:	Scp A Directory to a Target Host Whose Version Is Lower Than RHEL9 Fails
Product:	Red Hat Enterprise Linux 9	Reporter:	Tingting Mao <timao>
Component:	openssh	Assignee:	Dmitry Belyavskiy <dbelyavs>
Status:	CLOSED NOTABUG	QA Contact:	BaseOS QE Security Team <qe-baseos-security>
Severity:	unspecified	Docs Contact:
Priority:	high
Version:	9.0	CC:	coli, jjelen
Target Milestone:	rc	Keywords:	Regression
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-11-30 09:05:01 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Tingting Mao 2021-11-30 06:02:18 UTC

Description of problem:
Scp a Directory to a target host whose version is lower than RHEL9 fails, while scp to the RHEL9 hosts, it will success.


Version-Release number of selected component (if applicable):
# rpm -qa | grep openssh
openssh-8.7p1-4.el9.x86_64
openssh-clients-8.7p1-4.el9.x86_64
openssh-server-8.7p1-4.el9.x86_64
# uname -r
5.14.0-21.el9.x86_64


How reproducible:
100%


Steps to Reproduce:
1. Touch a directory and write files
# mkdir sub1
# touch test.img tttt

2. Scp the directory to the target host whose version is rhel8
# scp -r sub1 root.72.90:/home/timao
root.72.90's password: 
Couldn't canonicalize: No such file or directory
Unable to canonicalize path "/home/timao/sub1"
failed to upload directory sub1 to /home/timao/sub1

The info of the target host(i.e 10.73.72.90):
# uname -r
4.18.0-350.el8.x86_64
# rpm -qa | grep openssh
openssh-askpass-8.0p1-13.el8.x86_64
openssh-8.0p1-13.el8.x86_64
openssh-server-8.0p1-13.el8.x86_64
openssh-clients-8.0p1-13.el8.x86_64

3. Change the openssh version to openssh-8.6p1-7.el9
# brew download-build --arch=x86_64 openssh-8.6p1-7.el9
# yum localinstall -y *.rpm
# rpm -qa | grep openssh
openssh-8.6p1-7.el9.x86_64
openssh-askpass-8.6p1-7.el9.x86_64
openssh-clients-8.6p1-7.el9.x86_64
openssh-server-8.6p1-7.el9.x86_64
openssh-keycat-8.6p1-7.el9.x86_64

4. Scp again the directory to the target rhel8 host
# scp -r sub1 10.73.72.90:/home/timao
root.72.90's password: 
test.img                                                100%    0     0.0KB/s   00:00    
tttt                                                    100%    0     0.0KB/s   00:00 



Actual results:
As above, it fails in step2, but successes in step4


Expected results:
Scp works both for rhel8 and rhel9.


Additional info:
1. For Step2, while scp the directory to a target host whose version is rhel9, it works well.
# scp -r sub1 10.73.224.94:/home/timao
The authenticity of host '10.73.224.94 (10.73.224.94)' can't be established.
ED25519 key fingerprint is SHA256:KPnJ9tmb8w/mcThYEZaGxAfRAppry28wzYQ4bH7RhbM.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.73.224.94' (ED25519) to the list of known hosts.
root.224.94's password: 
test.img                                                100%    0     0.0KB/s   00:00    
tttt                                                    100%    0     0.0KB/s   00:00  

The info of the target host(i.e 10.73.224.94):
# uname -r
5.14.0-15.el9.x86_64
# rpm -qa | grep openssh
openssh-8.7p1-5.el9.x86_64
openssh-askpass-8.7p1-5.el9.x86_64
openssh-clients-8.7p1-5.el9.x86_64
openssh-keycat-8.7p1-5.el9.x86_64
openssh-server-8.7p1-5.el9.x86_64

2. For step2, while scp the diretory to a rhel6 target host, it still fails with the same error messages.
The info of the rhel6 host:
# uname -r
2.6.32-216.el6.x86_64
# rpm  -qa | grep openssh
openssh-server-5.3p1-70.el6.x86_64
openssh-5.3p1-70.el6.x86_64
openssh-clients-5.3p1-70.el6.x86_64

Comment 1 Dmitry Belyavskiy 2021-11-30 07:48:07 UTC

Could you please try to use scp -O to enforce the previous behaviour?

Comment 2 Tingting Mao 2021-11-30 09:00:55 UTC

(In reply to Dmitry Belyavskiy from comment #1)
> Could you please try to use scp -O to enforce the previous behaviour?

It works when added the -O parameter.
# rpm -qa| grep openssh
openssh-8.7p1-4.el9.x86_64
openssh-clients-8.7p1-4.el9.x86_64

# scp -r sub1 10.73.72.90:/home/
root.72.90's password: 
Couldn't canonicalize: No such file or directory
Unable to canonicalize path "/home/sub1"
failed to upload directory sub1 to /home/sub1

# scp -Or sub1 10.73.72.90:/home/
root.72.90's password: 
test.img                                                100%    0     0.0KB/s   00:00    
tttt                                                    100%    0     0.0KB/s   00:00

Comment 3 Dmitry Belyavskiy 2021-11-30 09:05:01 UTC

So it is an intended behavior and documented - we've intentionally switched from the SCP to SFTP protocol for scp utility in 9.0 GA, and -O key should be specified for enforcing the old protocol.