FS#74779 - [openssh] Incorrect sftp-server path when upgrading
Attached to Project:
Arch Linux
Opened by Antoine Poliakov (antoinep92) - Tuesday, 17 May 2022, 15:04 GMT
Last edited by Toolybird (Toolybird) - Wednesday, 27 July 2022, 23:16 GMT
Opened by Antoine Poliakov (antoinep92) - Tuesday, 17 May 2022, 15:04 GMT
Last edited by Toolybird (Toolybird) - Wednesday, 27 July 2022, 23:16 GMT
|
Details
Description:
Recently on multiple servers, I became unable to scp (error was "scp: connection closed") after upgrading openssh. Apparently there is a mismatch between the installed path /usr/lib/ssh/sftp_server and the configured path in /etc/ssh/sshd_config: Sybsystem sftp /usr/lib/openssh/sftp-server which fails because /usr/lib/openssh doesn't exist. Scp worked just fine before the upgrade, and I didn't change the conf recently. I downloaded the source and did a configure & make, apparently the path is correct in sshd_config.out, so I suppose it works fine on new installs. On the other hand, I never changed the Subsystem sftp line manually. Upgrading the config file might be against the arch philosophy - or at least some people might not want their conf overwritten - but I think this warrants a warning message during the upgrade and/or a message on the Archlinux homepage ? Additional info: * package version(s): 9.0p1-1 * config and/or log files etc. * link to upstream bug report, if any Steps to reproduce: upgrade from a previous install |
This task depends upon
Closed by Toolybird (Toolybird)
Wednesday, 27 July 2022, 23:16 GMT
Reason for closing: Not a bug
Additional comments about closing: See comments
Wednesday, 27 July 2022, 23:16 GMT
Reason for closing: Not a bug
Additional comments about closing: See comments
With default settings, scp outputs sh: /usr/libexec/sftp-server: not found
/etc/ssh/sshd_config
Subsystem sftp /usr/lib/ssh/sftp-server
sftp available in /usr/lib/ssh/sftp-server
creating a symbolic link does not solve the issue
ln -s /usr/lib/ssh/sftp-server /usr/libexec/sftp-server
openssh-8.9p1-1 works correctly
-e '/^Subsystem sftp /usr/lib/openssh/sftp-server$/c Subsystem sftp /usr/lib/ssh/sftp-server' \
I would submit a pull request but the github is a mirror and I can't find information on how to contribute to the svn.
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
The fact is that starting from version 9.0p1 it switches scp from using the outdated scp / rcp protocol
use the default SFTP protocol.
Therefore, the solution in cases of incompatibility is to use the -O flag
https://www.openssh.com/releasenotes.html#9.0
But server-side, maybe the default for new installs is /usr/lib/ssh/sftp-server, but for older installs it was /usr/lib/openssh/sftp-server, which does not exist (anymore?). So I suggest the we update the path when upgrading an existing install to avoid breaking scp.
Or at least this should be mentioned as a warning on the arch news and/or in the terminal when upgrading. Especially because the error message "scp: Connection closed" is not very helpful, even with increased verbosity, and personally, it took me a bit of time to understand what was going on.
This implies the sshd_config on your server was at some stage modified. pacman deals with modified config files specially [1]. It is up to you as the sysadmin to deal with this promptly [2]
[1] https://wiki.archlinux.org/title/Pacman/Pacnew_and_Pacsave
[2] https://wiki.archlinux.org/title/System_maintenance#Deal_promptly_with_new_configuration_files