problem with scp over a tunneled connection

From: Chavdar Botev <cbotev(at)earthlink.net>
Date: Tue Jan 07 2003 - 15:23:27 EST

Hi!

I use OpenSSH 4.3p1 on a Debian box. I am trying to use scp with port forwarding.I set up the tunnel like this:

ssh -T -N -f -L 2001:remote.host:22 tunnel.host

Then, when I try:

scp -P 2001 file.to.copy cbotev@localhost:/dest.dir

It connects to the remote host, authenticates and then stops any activity.

Here is the output with the -v option:

OpenSSH_3.4p1 Debian 1:3.4p1-4, SSH protocols 1.5/2.0, OpenSSL 0x0090607f

debug1: Reading configuration data /home/chbotev/.ssh/config
debug1: /home/chbotev/.ssh/config line 5: Deprecated option "FallBackToRsh"
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be 

trusted.

debug1: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 2001.
debug1: Connection established.
debug1: identity file /home/chbotev/.ssh/identity type 0
debug1: identity file /home/chbotev/.ssh/id_rsa type -1
debug1: identity file /home/chbotev/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*

Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1026/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/chbotev/.ssh/known_hosts:4
debug1: bits set: 1036/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: 

publickey,password,keyboard-interactive

debug1: next auth method to try is publickey
Do you need more help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:
Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
debug1: try privkey: /home/chbotev/.ssh/id_rsa
debug1: try privkey: /home/chbotev/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: 

publickey,password,keyboard-interactive
debug1: next auth method to try is password cbotev@localhost's password:

debug1: ssh-userauth2 successful: method password
debug1: fd 4 setting O_NONBLOCK
debug1: fd 5 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: scp -v -t /tmp
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 16384

At this point scp stops and there is no more network activity. Similar actions run on a RedHat box, succeed.

It's probably not a NAT/firewall-related problem because a plain ssh connection can be established.

Any ideas? Is it a misconfiguration on my sid?

Thanks, Chavdar Received on Tue Jan 7 19:14:07 2003