--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ssh: scp host1:file host2:. don't ask password for host2
- From: Itamar Almeida de Carvalho <itamar@oktiva.com.br>
- Date: Fri, 05 Dec 2003 12:04:50 -0300
- Message-id: <20031205150450.5925.qmail@ozonio.matriz.oktiva.com.br>
Package: ssh
Version: 1:3.6.1p2-10
Severity: normal
When I try to copy a file with scp from a remote host to another remote
host, it don't ask for password for the second one and fails
authenticatioI. If I copy from the first remote host to the local host
and then from the local to the second remote, it works well.
Following the trace first without using "-v" option (for clarity), then
using it (for security, I changed the full host name to
host2-full-address.com.br and the ip to 10.0.0.1 - it was a valid
Internet address):
[itamar@horizon:~] scp ozonio:MinhaPagina.txt host2-full-address.com.br:.
itamar@ozonio's password:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).
lost connection
[itamar@horizon:~] scp ozonio:MinhaPagina.txt .
itamar@ozonio's password:
MinhaPagina.txt
100% 360 12.3KB/s 00:00
[itamar@horizon:~] scp MinhaPagina.txt host2-full-address.com.br:.
itamar@host2-full-address.com.br's password:
MinhaPagina.txt
100% 360 968.4KB/s 00:00
[itamar@horizon:~] scp -v ozonio:MinhaPagina.txt host2-full-address.com.br:.
Executing: exec /usr/bin/ssh -v -x -o'ClearAllForwardings yes' -n ozonio
scp -v MinhaPagina.txt 'host2-full-address.com.br:.'
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL
0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: Connecting to ozonio [192.168.166.10] port 22.
debug1: Connection established.
debug1: identity file /home/itamar/.ssh/identity type -1
debug1: identity file /home/itamar/.ssh/id_rsa type -1
debug1: identity file /home/itamar/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: match: OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ozonio' is known and matches the RSA host key.
debug1: Found key in /home/itamar/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/itamar/.ssh/identity
debug1: Trying private key: /home/itamar/.ssh/id_rsa
debug1: Trying private key: /home/itamar/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password
itamar@ozonio's password:
debug1: Authentication succeeded (password).
debug1: fd 4 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: scp -v MinhaPagina.txt host2-full-address.com.br:.
debug1: channel 0: request exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel 0: read<=0 rfd 4 len 0
debug1: channel 0: read failed
debug1: channel 0: close_read
debug1: channel 0: input open -> drain
debug1: channel 0: ibuf empty
debug1: channel 0: send eof
debug1: channel 0: input drain -> closed
Executing: program /usr/bin/ssh host host2-full-address.com.br, user
(unspecified), command scp -v -t .
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL
0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: Connecting to host2-full-address.com.br [10.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/itamar/.ssh/identity type 0
debug1: identity file /home/itamar/.ssh/id_rsa type -1
debug1: identity file /home/itamar/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'host2-full-address.com.br' is known and matches the RSA host
key.
debug1: Found key in /home/itamar/.ssh/known_hosts:19
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/itamar/.ssh/id_rsa
debug1: Trying private key: /home/itamar/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x80623c0(0x0)
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: rcvd close
lost connection
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 9.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
[itamar@horizon:~] scp -v ozonio:MinhaPagina.txt .
Executing: program /usr/bin/ssh host ozonio, user (unspecified), command
scp -v -f MinhaPagina.txt
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL
0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: Connecting to ozonio [192.168.166.10] port 22.
debug1: Connection established.
debug1: identity file /home/itamar/.ssh/identity type -1
debug1: identity file /home/itamar/.ssh/id_rsa type -1
debug1: identity file /home/itamar/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: match: OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ozonio' is known and matches the RSA host key.
debug1: Found key in /home/itamar/.ssh/known_hosts:13
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/itamar/.ssh/identity
debug1: Trying private key: /home/itamar/.ssh/id_rsa
debug1: Trying private key: /home/itamar/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password
itamar@ozonio's password:
debug1: Authentication succeeded (password).
debug1: fd 4 setting O_NONBLOCK
debug1: fd 5 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: scp -v -f MinhaPagina.txt
debug1: channel 0: request exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
Sending file modes: C0644 360 MinhaPagina.txt
MinhaPagina.txt
100% 360 132.2KB/s 00:00
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
[itamar@horizon:~] scp -v MinhaPagina.txt host2-full-address.com.br:.
Executing: program /usr/bin/ssh host host2-full-address.com.br, user
(unspecified), command scp -v -t .
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10, SSH protocols 1.5/2.0, OpenSSL
0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: Connecting to host2-full-address.com.br [10.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/itamar/.ssh/identity type -1
debug1: identity file /home/itamar/.ssh/id_rsa type -1
debug1: identity file /home/itamar/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'host2-full-address.com.br' is known and matches the RSA host
key.
debug1: Found key in /home/itamar/.ssh/known_hosts:18
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/itamar/.ssh/identity
debug1: Trying private key: /home/itamar/.ssh/id_rsa
debug1: Trying private key: /home/itamar/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password
itamar@host2-full-address.com.br's password:
debug1: Authentication succeeded (password).
debug1: fd 4 setting O_NONBLOCK
debug1: fd 5 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: scp -v -t .
debug1: channel 0: request exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
Sending file modes: C0644 360 MinhaPagina.txt
MinhaPagina.txt
100% 360 922.7KB/s 00:00
debug1: channel 0: read<=0 rfd 4 len 0
debug1: channel 0: read failed
debug1: channel 0: close_read
debug1: channel 0: input open -> drain
debug1: channel 0: ibuf empty
debug1: channel 0: send eof
debug1: channel 0: input drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: rcvd close
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.8 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux ozonio 2.4.22 #1 Thu Oct 2 16:48:26 GMT+3 2003 i686
Locale: LANG=en_US, LC_CTYPE=en_US (ignored: LC_ALL set to pt_BR)
Versions of packages ssh depends on:
ii adduser 3.51 Add and remove users and groups
ii debconf 1.3.20 Debian configuration management sy
ii dpkg 1.10.18 Package maintenance system for Deb
ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an
ii libpam-modules 0.76-14 Pluggable Authentication Modules f
ii libpam-runtime 0.76-14 Runtime support for the PAM librar
ii libpam0g 0.76-14 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7c-5 SSL shared libraries
ii libwrap0 7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.1.4-17 compression library - runtime
-- debconf information:
* ssh/privsep_tell:
ssh/insecure_rshd:
ssh/privsep_ask: true
ssh/ssh2_keys_merged:
* ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: false
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: true
--- End Message ---
--- Begin Message ---
- To: 222992-done@bugs.debian.org
- Subject: Re: Bug#222992: ssh: scp host1:file host2:. don't ask password for host2
- From: Colin Watson <cjwatson@debian.org>
- Date: Sun, 7 Jun 2020 10:41:03 +0100
- Message-id: <20200607094103.GA6138@riva.ucam.org>
- In-reply-to: <20040501133206.GA4480@riva.ucam.org>
- References: <20031205150450.5925.qmail@ozonio.matriz.oktiva.com.br> <20040501133206.GA4480@riva.ucam.org>
Source: openssh
Source-Version: 1:5.7p1-1
On Sat, May 01, 2004 at 02:32:06PM +0100, Colin Watson wrote:
> On Fri, Dec 05, 2003 at 12:04:50PM -0300, Itamar Almeida de Carvalho wrote:
> > When I try to copy a file with scp from a remote host to another remote
> > host, it don't ask for password for the second one and fails
> > authenticatioI. If I copy from the first remote host to the local host
> > and then from the local to the second remote, it works well.
>
> Yes, the syntax you used effectively sshs to host1 and then scps from
> there to host2; I believe you need to be using public-key authentication
> via an ssh-agent and agent forwarding to host1 in order for this to
> work. Considering the compatibility limitations of scp
> (http://www.openssh.org/faq.html#2.10), I doubt this will be fixed.
In fact, as of OpenSSH 5.7 (released in 2011), there's an "scp -3"
option which does what you want here. Sorry for forgetting about this
bug at the time.
--
Colin Watson (he/him) [cjwatson@debian.org]
--- End Message ---