2

I have a curious problem with OpenSSH in SLES 12 SP4 Linux servers.

We install a customized OpenSSH on our servers, so in each machine we have two versions of OpenSSH, the official package of the operating system and the one that we have compiled.

For the case of SLES 12 SP4 if we run the following command from another server

scp -r directory/. destination_server:/path/to/directory

the following error arises

scp: error: unexpected filename: .

We have verified that the problem is with the scp binary under /usr/bin/scp, which is run by our OpenSSH instead of its scp under its own path.

After searching and testing, the solution applied is to remove the execution rights on /usr/bin/scp, so our version of OpenSSH cannot use it, and the scp -r from the client works perfectly.

Is there a more elegant way to tell the daemon to use the scp binary under its own path instead of /usr/bin/scp?

Best regards

Ciges

3 Answers

6

It isn't the SSH daemon which uses the scp program directly, so no, you can't reconfigure it to use another binary. You need to remove all but the "right" scp binaries from the system, or rewrite the PATH environmental variable (preferably in the system default profile), because from the viewpoint of the SSH daemon, scp is just a wrapper for running a remote command.

Basically, here is what scp does:

  1. Initiates the connection through ssh
  2. Sends the scp -t (target path) command through the channel, as if you used the ssh user@target scp -t /this/file command.
  3. Sends the access mode and the file length, ending with '\n'.
  4. Sends the file contents through the SSH channel.

You can emulate scp with the following commands:

ssh user@host scp -t /tmp/aFile.to.create
(enter your password)
C0664 41 originalFileName
The file should contain
these two lines.
(press enter twice)

The third line contains the access rights, the file size, and the original file name. And since the scp command is sent "as is", it is up to the target system to find that program for the user.

Lacek
  • Thanks a lot. I have tried modifying PATH to put the correct one first (in /et/local.profile) but without luck. In the next meeting with the Linux guys I will give them your detailed answer, and maybe they know where to set it. – Ciges Apr 30 '19 at 14:08
  • "You can emulate scp with the following commands" WOW! That was an incredible demonstration. – Bruno Bronosky Apr 30 '19 at 17:55
  • You can also emulate scp by using SFTP, which (besides having more capabilities) _does_ allow customizing the sftp-server subsystem path via sshd. – user1686 Apr 30 '19 at 19:14
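
The record format from the answer above, as an added example that is not part of the original answer or of OpenSSH: Python code for the receiving side that parses the control line and the payload. The filename check is an assumption modelled on the error text in the question, the `D` record naming `.` is assumed to be what the failing `scp -r directory/.` sends, and the NUL after the payload is how a real client ends the data where the manual session presses Enter.

```python
import re

# Control record as described in the answer: type letter, 4-digit octal mode,
# decimal size, a space, the name, and a terminating newline.
RECORD = re.compile(rb"([CD])([0-7]{4}) (\d+) ([^\n]+)\n")


class ScpProtocolError(Exception):
    pass


def parse_control_record(line: bytes) -> dict:
    m = RECORD.fullmatch(line)
    if m is None:
        raise ScpProtocolError("malformed control record")
    kind, mode, size, raw_name = m.groups()
    name = raw_name.decode("utf-8", "replace")
    # Assumed receiver-side check, modelled on the error text in the question:
    # the name must be a plain directory entry, never ".", ".." or a path.
    if name in (".", "..") or "/" in name:
        raise ScpProtocolError(f"error: unexpected filename: {name}")
    return {"kind": "file" if kind == b"C" else "dir",
            "mode": int(mode, 8), "size": int(size), "name": name}


def receive_file(stream: bytes) -> tuple:
    """Parse one C record, its payload and the trailing NUL byte."""
    header, newline, rest = stream.partition(b"\n")
    if not newline:
        raise ScpProtocolError("control record not terminated")
    record = parse_control_record(header + b"\n")
    if record["kind"] != "file":
        raise ScpProtocolError("expected a C record")
    size = record["size"]
    if rest[size:size + 1] != b"\0":
        raise ScpProtocolError("payload does not match declared size")
    return record, rest[:size]


# Constructed input: the session from the answer, as bytes on the channel.
BODY = b"The file should contain\nthese two lines.\n"
SAMPLE = b"C0664 41 originalFileName\n" + BODY + b"\0"
# Constructed input: a directory record naming ".", as assumed for the failing copy.
DOT_DIR = b"D0755 0 .\n"

if __name__ == "__main__":
    print(receive_file(SAMPLE))
    try:
        parse_control_record(DOT_DIR)
    except ScpProtocolError as exc:
        print("scp:", exc)
```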
0

Based on the excellent info in the answer from @Lacek and what the following transcript shows about how sshd is managed by systemd, I'd say that it ought to be pretty easy to resolve.

In the same way that I can add PATH=/path/to/new/ssh/bin:$PATH to my bash profile, I can add it to /etc/systemd/system/sshd.service via Environment="PATH=/path/to/new/ssh/bin:$PATH" (as documented) or I can add it to /etc/default/ssh directly.

This is how a recent Ubuntu system looks:

ubuntu@ip-10-10-0-192:~$ find /etc/systemd/ -name '*ssh*' -ls
      557      0 lrwxrwxrwx   1 root     root           31 Oct 12  2018 /etc/systemd/system/multi-user.target.wants/ssh.service -> /lib/systemd/system/ssh.service
      587      0 lrwxrwxrwx   1 root     root           31 Oct 12  2018 /etc/systemd/system/sshd.service -> /lib/systemd/system/ssh.service


ubuntu@ip-10-10-0-192:~$ cat /etc/systemd/system/sshd.service
[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify

[Install]
WantedBy=multi-user.target
Alias=sshd.service


ubuntu@ip-10-10-0-192:~$ cat /etc/default/ssh
# Default settings for openssh-server. This file is sourced by /bin/sh from
# /etc/init.d/ssh.

# Options to pass to sshd
SSHD_OPTS=

Bruno Bronosky
0

We have resolved it :-)

Setting the PATH environment variable was not useful because the PATH is hard coded in the binaries of SSHD (we verified this by looking at the environ file under the /proc virtual file system for the sshd process).

So the problem was that our directory was added in the configure file in sshd sources after the normal system's path. The solution is to change the line 19346 of the configure file in sources to be

user_path=$t_bindir:$user_path

instead of

user_path=$user_path:$t_bindir

($t_bindir is the path set in --bindir option when executing configure before the compilation with make, $user_path is environment PATH value)

So, to show it more clearly, the lines 19343 - 19350 of the configure file in sources remain as

if test $? -ne 0  ; then
    echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
    if test $? -ne 0  ; then
        user_path=$t_bindir:$user_path
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5
$as_echo "Adding $t_bindir to USER_PATH so scp will work" >&6; }
    fi
fi

Best regards

Ciges
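
A check for the ordering problem this answer describes, as an added example that is not part of the original post or of OpenSSH: it reads PATH from an environ-style blob like the one under /proc and resolves which scp a remote command would run. The directory tree and environ contents are constructed in a temporary directory, and opt/openssh/bin is a hypothetical --bindir.

```python
import os
import tempfile


def path_from_environ(blob: bytes) -> list:
    """Extract the PATH entries from a NUL-separated environ blob."""
    for entry in blob.split(b"\0"):
        if entry.startswith(b"PATH="):
            return entry[len(b"PATH="):].decode().split(":")
    return []


def resolve(command: str, path_dirs: list):
    """Return the first executable regular file named `command` in PATH order."""
    for directory in path_dirs:
        candidate = os.path.join(directory, command)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def demo() -> dict:
    with tempfile.TemporaryDirectory() as root:
        system_bin = os.path.join(root, "usr", "bin")
        custom_bin = os.path.join(root, "opt", "openssh", "bin")  # hypothetical --bindir
        for directory in (system_bin, custom_bin):
            os.makedirs(directory)
            binary = os.path.join(directory, "scp")
            with open(binary, "w") as handle:
                handle.write("#!/bin/sh\n")
            os.chmod(binary, 0o755)
        # Constructed environ blobs for the two orderings of user_path.
        appended = f"USER=demo\0PATH={system_bin}:{custom_bin}\0".encode()
        prepended = f"USER=demo\0PATH={custom_bin}:{system_bin}\0".encode()
        found = {
            "appended": resolve("scp", path_from_environ(appended)),
            "prepended": resolve("scp", path_from_environ(prepended)),
        }
        # The workaround from the question: drop the execute bits on the system copy.
        os.chmod(os.path.join(system_bin, "scp"), 0o644)
        found["appended_after_chmod"] = resolve("scp", path_from_environ(appended))
        return {key: os.path.relpath(value, root) for key, value in found.items()}


if __name__ == "__main__":
    for case, binary in demo().items():
        print(f"{case}: {binary}")
```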