Bug 103364 - (PATCH)Openssh authentication is buggy
Summary: (PATCH)Openssh authentication is buggy
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
: 27831 121568 (view as bug list)
Depends On:
Blocks: FC3Target FC4Target
TreeView+ depends on / blocked
Reported: 2003-08-29 12:26 UTC by Alan Cox
Modified: 2007-11-30 22:10 UTC (History)
12 users (show)

Fixed In Version: openssh-3.9p1-11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-03-15 09:33:30 UTC

Attachments (Terms of Use)
Proposed patch (650 bytes, patch)
2004-09-14 12:59 UTC, Tomas Mraz
no flags Details | Diff

Description Alan Cox 2003-08-29 12:26:47 UTC
Description of problem:

On a beta box scp root@box1:file root@box2:file

It asks for the password of box, it then prints "Permission denied" 3 times
without asking
for the root password of box2.

Comment 1 Bill Nottingham 2003-10-21 20:39:04 UTC
Does this happen with test3?

Comment 2 Alan Cox 2003-10-21 20:45:31 UTC
It does.

Simple example

scp root@my.box:/etc/motd root@my.box:/tmp/foo
Asks password for one side then displays
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).

Comment 3 Forrest 2003-10-29 22:36:47 UTC
This is a problem not only with the betas, but with many versions of Red Hat.  I
tried this:

scp root@localhost:/etc/motd root@localhost:/tmp/foo

It asks for the first password, but fails on the second.  I verified this on Red
Hat 7.2, 7.3, 8.0, 9, AS 2.1 and both betas.  I created an ssh key, and then I
see in the logs that it authenticates twice.  The question is--has this ever
worked with openssh?

Comment 4 Forrest 2003-10-29 22:39:48 UTC
To clarify:
scp /etc/motd root@localhost:/tmp/foo
works where:

scp root@localhost:/etc/motd root@localhost:/tmp/foo
does not.

It does state in the man page that it is possible to use two remote hosts.

Comment 5 Damian Menscher 2003-11-12 23:34:20 UTC
I see something similar on a RH7.3 (fully patched) box.  It's trying 
to run the ssh-askpass program and that fails if your $DISPLAY is 
wrong/unset.  The thing I don't understand is why it's trying to run 
that program.  The ssh manpage says it runs $SSH_ASKPASS if you're 
not running ssh from a terminal.  But xterm *is* a terminal (last I 
checked) so that should not be happening.  Really stumped on this one.

Comment 6 Damian Menscher 2003-11-13 00:41:10 UTC
Ok, so my problem was incorrect permissions on /dev/tty, so it's not 
directly related to this bug.

However, I learned something that may explain what you guys are 
seeing.  If you're not running from a terminal then it uses the 
$SSH_ASKPASS program.  When you're trying to scp a box between two 
remote boxes, the connection between them doesn't have a terminal, 

I can't say for sure, but I think I might be on to the root of the 
problem.  Good luck!

Comment 7 Alan Cox 2004-03-11 23:31:02 UTC
Still present in Fedora Core 2 test 1

Comment 8 Alan Cox 2004-04-21 17:26:49 UTC
Still present in Fedora Core 2 test 2

Comment 9 Eric Andresen 2004-06-22 19:36:00 UTC
It might be interesting to note that this does not occur when
authenticating with gssapi (using the OpenSSH GSSAPI patch). It still
occurs if you use keypair authentication. This gives some confirmation
to it being ASKPASS related.

Comment 10 Robert Scheck 2004-08-18 01:45:39 UTC
Bug is still present in openssh-3.8.1p1-5:

# scp root@localhost:/etc/motd root@localhost:/tmp/foo
root@localhost's password:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).
lost connection

Comment 11 Chris Ricker 2004-08-25 14:36:01 UTC
Just to complicate things, here's what I see with FC2.

Using password-based authentication fails with bogus key-verification

$ scp root@localhost:/etc/passwd root@localhost:/tmp/passwd
root@localhost's password:
Host key verification failed.
lost connection

The host key *is* correct in the above

Using key-based authentication works:

$ rm /tmp/passwd
$ scp localhost:/etc/passwd localhost:/tmp/passwd
$ ls -l /tmp/passwd
-rw-r--r--  1 kaboom kaboom 1942 Aug 25 10:35 /tmp/passwd

Comment 12 Tomas Mraz 2004-09-14 12:59:46 UTC
Created attachment 103825 [details]
Proposed patch

This was really easy to fix. Note however that I don't know if it doesn't have
any unwanted side effects.

Also note that if you try this:
scp someone@some.remote.host:/xxxxx anyone@localhost:/bbbbbb

it will do something else than what you thought it should do, because it will
copy the /xxxxx file to the localhost on the remote machine not on the machine
you have typed the command on.

Comment 13 Ronny Buchmann 2004-10-19 17:38:36 UTC
*** Bug 121568 has been marked as a duplicate of this bug. ***

Comment 14 Alan Cox 2004-10-22 12:36:38 UTC
Still broken over a year late in FC3test3 despite a patch in the bug

Comment 15 Tomas Mraz 2005-02-07 09:46:16 UTC
*** Bug 27831 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.