scp through jumphost missbehaves with powershell as shell on target · Issue #1347

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

爱看球的哑铃 · Mathpix ...· 2 周前 ·

从容的柳树 · 利用硬件加速大规模科学计算 | ...· 3 周前 ·

玉树临风的鸡蛋 · “吟诵文化经典 ...· 4 月前 ·

勤奋的大白菜 · 黄张裕简介· 6 月前 ·

温柔的椰子 · Using the TinyMCE ...· 7 月前 ·

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Actual output
Powershell error

I have been working on coping files with SCP from my adminserver through a jumphost to a targetsystem. The goal is to copy a script from adminhost to target, execute the script on target and finally scp the result back to admin (this is a workaround untill pssessions have support for jumphosts)

During this testing i found that scp -oProxyCommand="ssh -W %h:%p user@jumphost" c:\myscript.ps1 user@target:\myscript.ps1 will fail if i have defaultshell set to powershell on target.
if i remove hklm.....\defaultshell=....\powershell.exe, ie forcing cmd.exe as default shell it works

How to reproduce.

I have a very simple powershell script
& 'C:\Program Files\OpenSSH-Win64\scp.exe' -o "ProxyCommand ssh [email protected] -W %h:%p" c:\test.cmd [email protected] :\test.cmd
& "C:\Program Files\OpenSSH-Win64\ssh.exe" -J [email protected] [email protected] "test.cmd"
& 'C:\Program Files\OpenSSH-Win64\scp.exe' -o "ProxyCommand ssh [email protected] -W %h:%p" [email protected] :\test.txt c:\test.txt

[HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH]
"defaultshell"="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" it will fail with:

scp.exe : scp.exe : The term 'scp.exe' is not recognized as the name of a cmdlet, functio At C:\Users\Administrator\Desktop\remoteEcho.ps1:3 char:1 + & 'C:\Program Files\OpenSSH-Win64\scp.exe' -o "ProxyCommand ssh autom ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (scp.exe : The t...cmdlet, functio:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError

n, script file, or operable program. Check the spelling of the name, or if a pa
th was included, verify that the path is correct and try again.
At line:1 char:1

scp.exe -f /test.txt

  + CategoryInfo          : ObjectNotFound: (scp.exe:String) [], CommandNotF 
 oundException
  + FullyQualifiedErrorId : CommandNotFoundException
          Is this related to #1172?

One of the collaborators uploaded a pached binary of ssh, which (ssh with jump hosts) works fine for some people and me.

The patch was submitted as a PR PowerShell/openssh-portable#373.
As of the error PowerShell says, is your scp.exe in your PATH?
          It might be the same type of issue but it's not the issue of 1172 ( I do use the patched binary and i have also tested from a Linux system with the same error.
I do have the following test scenarios:

Windows adminserver - Windows JumpHost - TargetServer

Windows adminserver - Linux JumpHost - TargetServer

Linux Adminserver - Windows JumpHost - TargetServer

Linux Adminserver - Linux JumpHost - TargetServer
I can log on to them with SSH and I will get powershell as shell so that proves that the regvalue is correct and working
As long as you have CMD as shell on Targetserver all scenarios above works- it's only when you have powershell as defaultshell on targetserver it fails so therefore we now that the path is ok else it would fail with CMD as shell too.
The path looks ok too.

PATH=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\OpenSSH-Win64;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps;
          I made it with:
PS> scp -oProxyCommand="$((gcm ssh).path) -W %h:%p jumphost"  path\to\src targethost:path/to/dest
ssh is the patched one and scp is the built-in one (v7.7), and:
my PC ----- jumphost (Linux) ----- targethost (Linux)
PS> scp -oProxyCommand="$((gcm ssh).path) -W `"%h`":%p jumphost" -v .\LICENSE targethost:foo.md
Executing: program ssh.exe host targethost, user (unspecified), command scp -v -t foo.md
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Reading configuration data C:\\Users\\tatsu/.ssh/config
debug1: C:\\Users\\tatsu/.ssh/config line ■: Applying options for ■
debug1: C:\\Users\\tatsu/.ssh/config line ■: Applying options for ■
debug1: C:\\Users\\tatsu/.ssh/config line ■: Applying options for ■
debug1: Executing proxy command: exec C:/ProgramData/chocolatey/bin/ssh.exe -W 192.168.■.■:22 lab-dns
debug1: identity file C:\\Users\\tatsu/.ssh/id_ed25519■ type 3
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\tatsu/.ssh/id_ed25519■-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.■.■:22 as '■'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:■
debug1: Host '192.168.■.■' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\tatsu/.ssh/known_hosts:16
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: ED25519 ■ C:\\Users\\tatsu/.ssh/id_ed25519_■
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.■.■ (via proxy).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: proc
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending command: scp -v -t foo.md
Sending file modes: C0666 1310 LICENSE
Sink: C0666 1310 LICENSE
LICENSE                                                                                                                                                          100% 1310    64.8KB/s   00:00
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3404, received 2416 bytes, in 0.4 seconds
Bytes per second: sent 7862.6, received 5580.5
debug1: Exit status 0
PS> gcm scp
CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     scp.exe                                            7.7.2.1    C:\WINDOWS\System32\OpenSSH\scp.exe