Secure OS Software for Linux

Re: SCP and SSH-Agent on SuSE8.1

 
Michael Armbrecht
Frequent Advisor

SCP and SSH-Agent on SuSE8.1

Hi,
I have a problem getting scp to work here on a SuSE8.1 box.
I need to use ssh/scp frequently for shell access and file transfer over a firewall. The ssh version used is OpenSSH_3.4p1.
The setup is thus: Usually an ssh connection is opened with a command similar to "ssh -t @ ssh login@machine". The -t option is necessary because the firewall does not allocate a tty. We have ssh-agents running as well, which are called from .xsession at login time on the SuSE box.
Here is the problem: When I log in to the SuSE box, ssh-agent reads my passphrase and I can ssh to any system through the firewall without problems. But copying files using scp does not work. The error is: "Need passphrase for . You have no controlling tty. Cannot read passphrase." It seems that scp does not pick up the running ssh-agent, but insists on reading the passphrase again when connecting from the firewall to the target system. "ForwardAgent" is set to "Yes" in ssh_conf. What am I missing? It used to work on a RedHat6.0 box before...

BTW: The scp command used is "scp @:@:"

Thanks for your help
Mick
Never be afraid to try something new. Remember, amateurs built the ark. Professionals built the Titanic.
6 REPLIES
Steven E. Protter
Exalted Contributor

Re: SCP and SSH-Agent on SuSE8.1

I have used this doc on Red Hat to deal with these issues.

Though originally authored for HP-UX, it works, even in a mixed environment.

I think exchanging public keys will solve this problem. This assumes your firewall is stateless and doesn't block port 22.

Attached.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Michael Armbrecht
Frequent Advisor

Re: SCP and SSH-Agent on SuSE8.1

Hi Steven,

My public keys are on all remote machines I am connecting to, and connecting with ssh works perfectly. Only scp does not work.

The firewall is actually not a "real" firewall, but an ssh relay, I probably should have said that. So port blocking is not an issue.

As I said before, I have exactly the same setup on a RedHat 6.0 box, and there scp works for some reason. The differences are the SSH version (SSH Version OpenSSH_2.3.0p1 on RedHat) and the ssh agent is called from the .bash_profile instead of .xsession.
Steven E. Protter
Exalted Contributor

Re: SCP and SSH-Agent on SuSE8.1

You have no controlling tty. Cannot read passphrase.

That's key. Is the TERM variable set in .bash_profile and .xsession?

stty -a output should do the same.

This should work. ssh and scp are part of the same tool set.

You might want to try reinstalling the package on the client giving you the trouble. Also, make sure you get any updates or security fixes in.

Head scratcher here, please post resolution so at least I can learn from this.

SEP
Michael Armbrecht
Frequent Advisor

Re: SCP and SSH-Agent on SuSE8.1

Hi Steven,

> You have no controlling tty. Cannot read passphrase
> That's key. Is the TERM variable set in .bash_profile and .xsession?

The problem is that this error message is sent from the ssh relay, not from my local host. $TERM is set to xterm. But on the relay I don't have a tty, that's why I need to use the "-t" option when using ssh.

I have submitted this as a bug to the OpenSSH developers:
http://bugzilla.mindrot.org/show_bug.cgi?id=557

The straight answer I got was to submit a debug trace and upgrade to version 3.6.1, which I will have a look at.

I'll keep you posted.

Mick
Michael Armbrecht
Frequent Advisor

Re: SCP and SSH-Agent on SuSE8.1

FYI - This has been "solved".

The solution was to remove these two lines from the source file "scp.c":

addargs(&args, "-oForwardAgent no");
addargs(&args, "-oClearAllForwardings yes");

Now it is working. I am still wondering why the options were preset like this in the code; like this, scp can't work with an ssh relay that doesn't allocate ttys.

Regards
Mick
Never be afraid to try something new. Remember, amateurs built the ark. Professionals built the Titanic.
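
Why "ForwardAgent Yes" in the config file had no effect until scp.c was patched, as an added example that is not part of the original post and is not OpenSSH source: ssh takes the first value it obtains for each option, and command-line options are read before the configuration files, so the "-oForwardAgent no" that scp passes always wins. The arglist type, build_scp_args() and effective() are hypothetical names for a simplified model; only the two addargs() strings come from the post.

```c
/* Added illustration, not OpenSSH source: a simplified model of the ssh
 * command line that scp builds and of ssh's first-value-wins option rule. */
#include <stdio.h>
#include <string.h>

#define MAXARGS 16
typedef struct { const char *list[MAXARGS]; int num; } arglist; /* hypothetical */

static void addargs(arglist *a, const char *s) {
    if (a->num < MAXARGS) a->list[a->num++] = s;
}

/* Build the argument list; stock != 0 keeps the two lines the post removed. */
static void build_scp_args(arglist *a, int stock) {
    a->num = 0;
    addargs(a, "ssh");
    if (stock) {
        addargs(a, "-oForwardAgent no");
        addargs(a, "-oClearAllForwardings yes");
    }
}

/* Resolve one option: a "-oKey value" argument is seen before the config
 * file, and the first value found is kept. Returns 1 when it is "yes". */
static int effective(const arglist *a, const char *key, const char *config_value) {
    size_t klen = strlen(key);
    for (int i = 0; i < a->num; i++) {
        const char *s = a->list[i];
        if (strncmp(s, "-o", 2) == 0 &&
            strncmp(s + 2, key, klen) == 0 && s[2 + klen] == ' ')
            return strcmp(s + 2 + klen + 1, "yes") == 0; /* command line wins */
    }
    return strcmp(config_value, "yes") == 0;             /* fall back to config */
}

int main(void) {
    arglist a;
    /* Constructed scenario: the config file says "ForwardAgent yes". */
    build_scp_args(&a, 1);
    printf("stock scp:   ForwardAgent=%d\n", effective(&a, "ForwardAgent", "yes"));
    build_scp_args(&a, 0);
    printf("patched scp: ForwardAgent=%d\n", effective(&a, "ForwardAgent", "yes"));
    return 0;
}
```

With the two lines removed, the agent is forwarded to the relay for every scp run, so anyone who can reach the forwarded agent socket on the relay can authenticate with the loaded keys for as long as the connection is open.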
Steven E. Protter
Exalted Contributor

Re: SCP and SSH-Agent on SuSE8.1

I wonder if this is an issue with HP's depot version of the tools.

Thanks for posting your solution.

SEP