scp not working with sftp

hl037 · 2022-12-26 10:17:33

Hi,
I have struggle making `scp` working with recent openssh updates ("recent" is vague though).
With `scp -O` it does work, but from https://lists.mindrot.org/pipermail/ope … 37672.html, it says :

The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.

So I am not sure it's a durable solution... And I would like it to work with latest standards...

Here is my sshd config :

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin prohibit-password    # same as without-password
StrictModes yes

PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
# AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/ssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
UseDNS no

Here is the log with `-vvv` an then with `-O -vvv` :

$>scp -vvv test VPS4:test2                                                                                                                                                                                                                            100↑
Executing: program /usr/bin/ssh host VPS4, user (unspecified), command sftp
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /home/leo/.ssh/config
debug1: /home/leo/.ssh/config line 25: Applying options for VPS4
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 51.15.41.209 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/leo/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/leo/.ssh/known_hosts2'
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 105501
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 2
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
scp: Connection closed

scp -O -vvv test VPS4:test2                                                                                                                                                                                                                         100↑
Executing: program /usr/bin/ssh host VPS4, user (unspecified), command scp -v -t test2
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /home/leo/.ssh/config
debug1: /home/leo/.ssh/config line 25: Applying options for VPS4
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 51.15.41.209 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/leo/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/leo/.ssh/known_hosts2'
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 105501
debug3: mux_client_request_session: session request sent
debug1: mux_client_request_session: master session id: 4
scp: debug1: fd 3 clearing O_NONBLOCK
Sending file modes: C0644 4 test
Sink: C0644 4 test
test                                                                                                                                                                                                                                                                                      0%    0     0.0KB/s   --:-- ETAscp: debug2: fd 6 setting O_NONBLOCK
scp: debug1: fd 6 clearing O_NONBLOCK
scp: debug1: fd 0 clearing O_NONBLOCK
test                                                                                                                                                                                                                                                                                    100%    4     0.0KB/s   00:00    
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 0

dimich · 2022-12-26 11:15:17

What is SSH server version at remote host? Can you get SSH logs from server side? Is shown sshd_config from server or client?

cfr · 2022-12-27 01:26:53

hl037 wrote:

Hi,
I have struggle making `scp` working with recent openssh updates ("recent" is vague though).
With `scp -O` it does work, but from https://lists.mindrot.org/pipermail/ope … 37672.html, it says :
The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.
So I am not sure it's a durable solution... And I would like it to work with latest standards...

What exactly do you want to do? I assume the thought is that scp is not a long-term solution because the quote suggests it is regarded as deprecated/obsolete by upstream and is likely to eventually be abandoned? If so, the only solution is to switch to another option (rsync or whatever). But that's not what you seem to be trying to do. On the other hand, if you aren't concerned about durability, then you can continue trying to get scp to work until that becomes more trouble than switching. Could you clarify whether you're wanting to do durable-not-scp or non-durable-scp?

Edit: Or is the command wrong in one of your code blocks? One says you try scp, scp is tried and it ends in error. The other says you try scp, sftp is tried and it ends in error. If one of the commands should be sftp rather than scp, your post would make a whole lot more sense. So maybe there's just a copy-paste error or typo here?

Last edited by cfr (2022-12-27 01:32:21)

Arch Linux

#1 2022-12-26 10:17:33

scp not working with sftp

#2 2022-12-26 11:15:17

Re: scp not working with sftp

#3 2022-12-27 01:26:53

Re: scp not working with sftp

Board footer