openssh unix dev - May 2003 - [Bug 557] scp over ssh-relay insists in asking passphrase

http://bugzilla.mindrot.org/show_bug.cgi?id=557

           Summary: scp over ssh-relay insists in asking passphrase
           Product: Portable OpenSSH
           Version: 3.4p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: scp
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: michael.armbrecht at hp.com


I am using OpenSSH scp over an ssh relay that does not allocate a tty. In 
version 2.3.0p1 it was possible to scp files through an ssh relay by enabling 
agent forwarding and having an ssh-agent running. This does not work anymore in 
3.4p1 - scp insists in a passphrase on the ssh relay which results in the
"You
have no controlling tty. Could not read passphrase." error message.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=557





------- Additional Comments From stuge-openssh-unix-dev at cdy.org  2003-05-09
02:33 -------
Make positively sure that agent forwarding is on everywhere. -vvv is your
friend.
And upgrade to 3.6.1p2, 3.4p1 is quite old.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=557





------- Additional Comments From michael.armbrecht at hp.com  2003-05-09 18:07
-------
Output from -vvv:
29426: debug1: Rhosts Authentication disabled, originating port will not be 
trusted.
29426: debug1: ssh_connect: needpriv 0
29426: debug1: Connecting to xxxxxx.com [yy.yy.yy.yy] port 22.
29426: debug1: Connection established.
29426: debug1: identity file /home/xxxxxxxx/.ssh/identity type 0
29426: debug1: Remote protocol version 1.99, remote software version 
OpenSSH_2.5.1p1_OSD-SEC_A.02.11j
29426: debug1: match: OpenSSH_2.5.1p1_OSD-SEC_A.02.11j pat 
OpenSSH_2.5.0p1*,OpenSSH_2.5.1p1*
29426: debug1: Local version string SSH-1.5-OpenSSH_3.4p1
29426: debug1: Waiting for server public key.
29426: debug1: Received server public key (768 bits) and host key (1024 bits).
29426: debug3: check_host_in_hostfile: filename /home/xxxxxxxx/.ssh/known_hosts
29426: debug3: check_host_in_hostfile: match line 1
29426: debug1: Host 'xxxxxxx.com' is known and matches the RSA1 host
key.
29426: debug1: Found key in /home/xxxxxxx/.ssh/known_hosts:1
29426: debug1: Encryption type: blowfish
29426: debug1: Sent encrypted session key.
29426: debug1: Installing crc compensation attack detector.
29426: debug1: Received encrypted confirmation.
29426: debug1: Trying RSA authentication via agent with 'XXXXXXXXXXX'
29426: debug1: Received RSA challenge from server.
29426: debug1: Sending response to RSA challenge.
29426: debug1: Remote: RSA authentication accepted.
29426: debug1: RSA authentication accepted by server.
29426: debug1: Requesting compression at level 6.
29426: debug1: Enabling compression at level 6.
29426: debug1: Sending command: scp -v -f xx at xxxx:/vvvv/www/yyyyy.zzz
29426: debug1: Entering interactive session.
29426: debug1: fd 0 setting O_NONBLOCK
29426: debug1: fd 1 setting O_NONBLOCK
Need passphrase for /home/xxxxx/.ssh/identity
user at linux:~> You have no controlling tty.  Cannot read passphrase.
29426: debug2: fd 0 is not O_NONBLOCK
29426: debug1: fd 1 clearing O_NONBLOCK
29426: debug1: Transferred: stdin 55, stdout 48, stderr 55 bytes in 0.5 seconds
29426: debug1: Bytes per second: stdin 106.2, stdout 92.7, stderr 106.2
29426: debug1: Exit status 255
29426: debug1: compress outgoing: raw data 111, compressed 120, factor 1.08
29426: debug1: compress incoming: raw data 118, compressed 115, factor 0.97

Forward is on everywhere, even set it with "-o" on the cli.
Will try version 3.6.1 instead. 3.4p1 came with SuSE8.1. 



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=557





------- Additional Comments From djm at mindrot.org  2003-05-14 10:32 -------
hmmm, it might have something to do with:

        addargs(&args, "-oClearAllForwardings yes");

in scp.c. Can you try removing that line and seeing whether things work?

You haven't given any details about the nature of the relay that you are
using.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

On Wed, May 14, 2003 at 10:32:53AM +1000, bugzilla-daemon at mindrot.org
wrote:
>         addargs(&args, "-oClearAllForwardings yes");
scp should _not_ disable agent forwarding i think....

Markus Friedl wrote:
> On Wed, May 14, 2003 at 10:32:53AM +1000, bugzilla-daemon at mindrot.org
wrote:
>>         addargs(&args, "-oClearAllForwardings yes");
> 
> scp should _not_ disable agent forwarding i think....
It needs it for:

scp remote1:foo remote2:bar

Maybe we need ClearPortForwardings? (we can take care of X forwarding
using ForwardX11=no).

-d