Public bug reported:

version: v1.5 (or above)

Last week the rssh package got updated to include a security patch
(2.3.4-4+deb8u1build0.16.04.1), after which the download scenario is broken.
This happens only for users that are created with the default rssh shell
login.

Specifically, the libssh2_scp_recv()/libssh2_scp_recv2() functions either
return 0 or LIBSSH2_ERROR_SCP_PROTOCOL even though the file is present
with proper content.

For the scp example in the libssh2 code base, it is stuck at the
_libssh2_recv() function.

(gdb) bt
#0  0x00007ffff7b908f0 in __errno_location@plt () from /home/ching/libssh2/debug/src/libssh2.so.1
#1  0x00007ffff7bae04c in _libssh2_recv (sock=3, buffer=0x608528, length=16384, flags=16384, abstract=0x6082e0) at /home/ching/libssh2/libssh2/src/misc.c:154
#2  0x00007ffff7bc38a4 in _libssh2_transport_read (session=0x6082e0) at /home/ching/libssh2/libssh2/src/transport.c:370
#3  0x00007ffff7b9c143 in _libssh2_channel_read (channel=0x615970, stream_id=0, buf=0x7fffffffe150 "\307\016\340=", buflen=1024) at /home/ching/libssh2/libssh2/src/channel.c:1814
#4  0x00007ffff7b9c525 in libssh2_channel_read_ex (channel=0x615970, stream_id=0, buf=0x7fffffffe150 "\307\016\340=", buflen=1024) at /home/ching/libssh2/libssh2/src/channel.c:1948
#5  0x000000000040143b in main (argc=5, argv=0x7fffffffe658) at /home/ching/libssh2/libssh2/example/scp.c:157


Steps to repro:

1. sudo useradd -s /usr/bin/rssh -r -N -c "test" -G testgroup test
2. sudo passwd test
3. sudo usermod -a -G rsshusers test

4. Build libssh2
5. Run scp example
./example/example-scp 127.0.0.1 test test /tmp/f1.txt

Stuck and fails to read the file.

libssh2 logs indicate rssh returned the following error:

insecure scp option not allowed.
This account is restricted by rssh.
Allowed commands: scp sftp

The rssh security patch is targeted at scp commands, but I am not sure why it
affects clients using libssh2.
Could you please take a look?

I have also posted the issue in rssh package discussion list.
https://answers.launchpad.net/ubuntu/+source/rssh/+question/678522

** Affects: libssh2 (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1815741

Title:
  Probable regression after rssh security update
