:::: MENU ::::
Posts tagged with: scp returns to prompt

Gotcha: SCP Returns To Prompt – OpenSSH

Background – SCP Failing

On my lab network, I have a box which will reach out to my application gateways and SCP statistics back to my reporting server. I took this idea, and applied it to an audit solution, where I would grab the config of a router/firewall/switch, and return it back to my Audit appliance. It worked great for most devices, but when I ran it against some Juniper ISG’s, it hit a brick wall, figuratively.

The Issue

The issue is the addition of double dash’s in the SCP command, which is sent to the remote device:

# scp -v admin@ /backup/config/
Executing: program /usr/bin/ssh host, user admin, 
command scp -v -f -- ns_sys_config

The -v is used for verbose mode, which is where the excerpt above came from. The -f is to tell the destination device to expect a filename, and the — is to tell the remote host that all switches have been communicated.

Not all SSH capable devices support the — feature, resulting in the appending it to the filename. You can correct this by patching the local host which reaches out to these non-compliant devices.

Here is some example output of the error.

Without verbosity (-v):

# scp -v admin@ /backup/config/

With verbosity (-v):

# scp -v admin@ /backup/config/
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: scp -v -f -- /ns_sys_config
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2114, received 1524 bytes, in 0.1 seconds
Bytes per second: sent 22048.4, received 14831.1
debug1: Exit status 1

The Patch

I have updated a bug on bugs.launchpad.net for Ubuntu with a Patch and an explanation.

The patch can be directly found here.

We will walk through the steps of applying the patch and building.

Step 1 – The Source

Let’s get the source:

wget http://filedump.se.rit.edu/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz
tar xvzf openssh-5.9p1.tar.gz
cd openssh-5.9p1

Step 2 – Apply Patch

Before we do the Configure/Make and Install, we need to patch scp.h, the file which inserts the ‘–’.

wget https://launchpadlibrarian.net/84923960/scp.patch
patch -p1 -i scp.patch
(Stripping trailing CRs from patch.)
can't find file to patch at input line 3
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
|--- scp.c       2011-01-06 06:41:21.000000000 -0500
|+++ scp.c       2011-11-11 11:49:39.133830178 -0500
File to patch:

When it asks you for File to patch, enter ‘scp.c’. Hit enter.

Step 3 – Configure/Make/Install

I installed mine at /usr/local/openssh. You can change your prefix to wherever you want.

./configure --prefix=/usr/local/openssh --bindir=/usr/bin --with-ssl-engine 
--with-ssl-dir=/usr --with-md5-passwords --with-bsd-auth
sudo make install

After that, you should be all set! SCP away!