bugzilla-daemon at mindrot.org
2013-Jul-01 10:01 UTC
[Bug 2123] New: does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123
Bug ID: 2123
Summary: does not seem to support sftp protocol version 5
rename flag for overwriting files
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sftp-server
Assignee: unassigned-bugs at mindrot.org
Reporter: ms at teamix.de
Due to http://bugs.debian.org/714606 I seek an alternative to
ruby-net-ssh ssh.exec("mv old new") the authorized key file for our
distkeys SSH key distribution tool that I currently packages for Debian
(see there bug #712787).
I thought about using ruby-net-sftp rename! function as follows:
@sftp.rename!( newauthkeyfile, @authkeyfile, 0x0001 )
But I do get:
./distkeys -K somekey.pub -H somehost remove
Host: somehost
Connecting to host somehost (user: someuser, port: someport)...
Opening SFTP session...
Key somekey removed.
Creating a backup to .ssh/authorized_keys-2013-07-01.bak if not already
done today...
Uploading keys to .ssh/authorized_keys-new...
File does exist and has correct size, moving to .ssh/authorized_keys...
.ssh/authorized_keys-new
.ssh/authorized_keys
/usr/lib/ruby/vendor_ruby/net/sftp/session.rb:846:in `wait_for':
Net::SFTP::StatusException (4, "failure") (Net::SFTP::StatusException)
from /usr/lib/ruby/vendor_ruby/net/sftp/session.rb:590:in
`rename!'
from ./distkeys:210:in `block in commit'
from /usr/lib/ruby/vendor_ruby/net/sftp/request.rb:87:in `call'
from /usr/lib/ruby/vendor_ruby/net/sftp/request.rb:87:in
`respond_to'
from /usr/lib/ruby/vendor_ruby/net/sftp/session.rb:948:in
`dispatch_request'
from /usr/lib/ruby/vendor_ruby/net/sftp/session.rb:911:in
`when_channel_polled'
from
/usr/lib/ruby/vendor_ruby/net/ssh/connection/channel.rb:311:in `call'
from
/usr/lib/ruby/vendor_ruby/net/ssh/connection/channel.rb:311:in
`process'
from
/usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:214:in `block
in preprocess'
from
/usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:214:in `each'
from
/usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:214:in
`preprocess'
from
/usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:197:in
`process'
from
/usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:161:in `block
in loop'
from
/usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:161:in `loop'
from
/usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:161:in `loop'
from /usr/lib/ruby/vendor_ruby/net/sftp/session.rb:802:in
`loop'
from /usr/lib/ruby/vendor_ruby/net/sftp/request.rb:72:in `wait'
from /usr/lib/ruby/vendor_ruby/net/sftp/session.rb:842:in
`wait_for'
from /usr/lib/ruby/vendor_ruby/net/sftp/session.rb:320:in
`lstat!'
from ./distkeys:200:in `commit'
from ./distkeys:589:in `handle_host'
from ./distkeys:681:in `block in handle_gwhost'
from ./distkeys:664:in `each'
from ./distkeys:664:in `handle_gwhost'
from ./distkeys:696:in `loop'
from ./distkeys:801:in `<main>'
If I prepend an
@sftp.remove!( @authkeyfile )
the file rename works. But I'd like to avoid having the race condition.
Ideally I like to use flags 0x0001 for overwrite and 0x0002 for
rewriting atomically for better security.
But according to ruby-net-sftp docs these require SFTP protocol version
5:
http://net-ssh.rubyforge.org/sftp/v2/api/
sftp client manpage as of openssh-client 6.0p1-4 (same on server) only
refers to protocol versions 1 and 2, but I am not sure whether this
refers to SSH or SFTP protocol version.
After trying to use SFTP to workaround the initial issue with
ruby-net-ssh I will now try ruby-net-scp for both file upload and
rename.
Thanks,
Martin
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-Jul-01 10:01 UTC
[Bug 2123] does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123
Martin Steigerwald <ms at teamix.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|6.2p1 |6.0p1
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-Jul-01 10:03 UTC
[Bug 2123] does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123 --- Comment #1 from Martin Steigerwald <ms at teamix.de> --- git repo of script is at: git://oss.teamix.org/distkeys.git tag to reproduce problem is: openssh-bug-2123 Thanks, Martin -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-Jul-01 10:18 UTC
[Bug 2123] does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
OpenSSH does not support sftp protocol version 5 and given the required
complexity to do so is unlikely to any time soon.
It does implement a vendor extension to protocol version 3
("posix-rename at openssh.com") that does what you want.
The details are in
http://openssh.com/specs.html and
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL?rev=HEAD;content-type=text/plain
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Jul-01 11:35 UTC
[Bug 2123] does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123
--- Comment #3 from Martin Steigerwald <ms at teamix.de> ---
Thanks, Darren, reported issue upstream at:
please support protocol version 3 ("posix-rename at openssh.com")
https://github.com/net-ssh/net-sftp/issues/31
Since Ruby Net SCP does not yet seem to support renames I am using the
delete first, rename them work-around for now to get distkeys
compatible with Ruby 1.9 until a more solution becomes viable.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Oct-10 00:51 UTC
[Bug 2123] does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Resolution|--- |WORKSFORME
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Closing: this looks like a bug in ruby-net-ssh rather than sftp-server.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Oct-14 08:09 UTC
[Bug 2123] does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123
--- Comment #5 from Martin Steigerwald <ms at teamix.de> ---
Damien, huh? It is an SFTP v5 protocol feature that OpenSSH does not
support. In what way is this SFTP v5 protocol less important than the
vendor extension to protocol version 3 ("posix-rename at
openssh.com").
In other words: I do not agree to the notion of "we don't support this
feature of the protocol, but the client uses is, thus its the client
fault" I read out of your statement.
Resolution "WORKSFORME" also does not seem to apply or did you test
with recent version of ruby-net-sftp or did you at least test the
vendor extension rename function?
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Oct-14 10:35 UTC
[Bug 2123] does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123 --- Comment #6 from Damien Miller <djm at mindrot.org> --- It's totally the client's fault if it calls a protocol method that doesn't exist for the revision of the protocol that the server advertises. We decided long ago not to support versions of the sftp protocol after 3; the standards process ran off the rails at that point. We're happy to add specific features that people need as protocol extensions (and document them in our PROTOCOL file). -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Oct-14 12:14 UTC
[Bug 2123] does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123 --- Comment #7 from Martin Steigerwald <ms at teamix.de> --- Hmmm, okay, the server doesn't advertise V5. Well. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:42 UTC
[Bug 2123] does not seem to support sftp protocol version 5 rename flag for overwriting files
https://bugzilla.mindrot.org/show_bug.cgi?id=2123
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #8 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.