2.3.4-4+deb8u1build0.16.04.1 breaks scp download using libssh2 client

Asked by Iyyappa Murugandi

Package: rssh
Version: 2.3.4-4+deb8u1build0.16.04.1

We are using the libssh2 (v1.5) client to download files in our product. After rssh got auto-patched, our download scenario is broken.
This happens only for users that are created with default rssh shell login.

Steps to repro:

1. sudo useradd -s /usr/bin/rssh -r -N -c "test" -G testgroup test
2. sudo passwd test
3. sudo usermod -a -G rsshusers test

4. Build libssh2
5. Run scp example
./example/example-scp 127.0.0.1 test test /tmp/f1.txt

Stuck and fails to read the file.

Libssh2 logs indicate rssh returned the following error:

insecure scp option not allowed.
This account is restricted by rssh.
Allowed commands: scp sftp

I know the security patch is targeted for scp commands but not sure why it affects clients using libssh2.
Please let me know if this is expected behavior and if you need any details.

Question information

Language: English
Status: Answered
For: Ubuntu rssh
Assignee: No assignee

Manfred Hampl (m-hampl) said :
#1

There was an update to version 2.3.4-4+deb8u2ubuntu0.16.04.1 (note "ubuntu" instead of "build" in the version string) yesterday.
Please check whether it solves your problem.

Iyyappa Murugandi (mitsmiles) said :
#2

No, 2.3.4-4+deb8u2ubuntu0.16.04.1 release didn't fix the issue.
2.3.4-4+deb8u2ubuntu0.16.04.1 is mainly targeted for downloading multiple files using '*' based on the issue raised by https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921655.

In our case, we don't use scp commands directly but use libssh2 client library to do scp.
I have attached the example libssh2 code to repro the issue.

Iyyappa Murugandi (mitsmiles) said :
#3

I ran the sshd in debug mode and figured out that scp is called with argument "-pf", but the new validation
"static int scp_okay( char **vec )" doesn't take that into account.

Feb 13 14:39:26 ching-1604 sshd[28295]: Starting session: command for test4 from 127.0.0.1 port 52430 id 0
Feb 13 14:39:26 ching-1604 sshd[28295]: debug3: mm_audit_run_command entering command scp -pf '/tmp/f1.txt'

Manfred Hampl (m-hampl) said :
#4

I suggest that you create a bug report.

Iyyappa Murugandi (mitsmiles) said :
#5

Sounds good. Thanks!

Iyyappa Murugandi (mitsmiles) said :
#6
Manfred Hampl (m-hampl) said :
#7

"I have attached the example libssh2 code to repro the issue."

Adding attachments to Launchpad questions is not possible, but you can add it to the bug report if relevant.

Iyyappa Murugandi (mitsmiles) said :
#8

Also, libssh2's scp_send() uses the option "-pt".
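
Replies #3 and #8 report that libssh2 invokes scp with clustered options ("-pf", "-pt"). The following C example is an added illustration, not rssh or libssh2 code and not part of the thread: it contrasts an exact-match option check with a cluster-aware allowlist. The flag set "dfprtv" and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this example: single-letter flags a restricted scp may receive. */
static const char ALLOWED_FLAGS[] = "dfprtv";

/* Hypothetical strict check: an option must be exactly "-x" with x allowlisted. */
static bool option_ok_exact(const char *arg) {
    return strlen(arg) == 2 && arg[0] == '-' && strchr(ALLOWED_FLAGS, arg[1]) != NULL;
}

/* Cluster-aware check: every letter after '-' must be allowlisted ("-pf" == "-p -f"). */
static bool option_ok_clustered(const char *arg) {
    if (arg[0] != '-' || arg[1] == '\0')
        return false;
    for (const char *c = arg + 1; *c != '\0'; c++)
        if (strchr(ALLOWED_FLAGS, *c) == NULL)
            return false;   /* one unknown letter rejects the whole cluster */
    return true;
}

/* Walk argv[1..]: allowlisted options, an optional "--", then exactly one path. */
static bool scp_args_ok(char *const argv[], bool (*option_ok)(const char *)) {
    bool end_of_opts = false;
    int paths = 0;
    for (int i = 1; argv[i] != NULL; i++) {
        const char *a = argv[i];
        if (!end_of_opts && strcmp(a, "--") == 0) { end_of_opts = true; continue; }
        if (!end_of_opts && a[0] == '-') {
            if (!option_ok(a)) return false;
            continue;
        }
        if (++paths > 1) return false;   /* only a single file argument is allowed */
    }
    return paths == 1;
}

/* Convenience wrapper: validate "scp <opt> /tmp/f1.txt" with the given option check. */
static bool check(const char *opt, bool (*option_ok)(const char *)) {
    char *argv[] = { "scp", (char *)opt, "/tmp/f1.txt", NULL };
    return scp_args_ok(argv, option_ok);
}

int main(void) {
    printf("exact:     -f=%d -pf=%d\n", check("-f", option_ok_exact), check("-pf", option_ok_exact));
    printf("clustered: -pf=%d -pt=%d -pZ=%d\n", check("-pf", option_ok_clustered),
           check("-pt", option_ok_clustered), check("-pZ", option_ok_clustered));
    return 0;
}
```

The "-pZ" input is a constructed case showing that the cluster-aware check still rejects any letter outside the allowlist.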
