# scp strangeness

## curmudgeon

I am getting strange error messages (which just started happening today) whenever I attempt to us scp (but only as the root user - it works fine as an ordinary user).

The messages are:

```
# scp foo bar

ssh_askpass: exec(/usr/lib64/misc/ssh-askpass): No such file or directory

Permission denied, please try again.

ssh_askpass: exec(/usr/lib64/misc/ssh-askpass): No such file or directory

Permission denied, please try again.

ssh_askpass: exec(/usr/lib64/misc/ssh-askpass): No such file or directory

Permission denied (publickey,password,keyboard-interactive).

lost connection

```

I have no idea what is happening. I have never seen anything like this before. I have tried some of the obvious things I could think of (hash -r, source /etc/profile, ldd /usr/bin/scp), but none of them made any difference. I can't find /usr/lib64/misc/ssh-askpass on any machine. Does anyone have any idea what Is happening? Thanks.

----------

## audiodef

I don't, but it's better if you do anything but local system maintenance as a regular user, anyway. Perhaps it's a "feature" telling you not to do it that way!   :Razz: 

----------

## Princess Nell

Do have SSH_ASKPASS set in the environment? Anything else you installed recently that sets this?

Did you play with $(eix -c askpass) recently?

----------

## curmudgeon

 *audiodef wrote:*   

> I don't, but it's better if you do anything but local system maintenance as a regular user, anyway. Perhaps it's a "feature" telling you not to do it that way!  :P

 

I frequently need to move files (that are NOT accessible to regular users) between machines. I usually have over twenty terminals open (including a half-dozen as root on various machines), and I have never seen anything like this before.

After fighting this for an extended period, it seems that somehow, that shell just became corrupt (and only that one instance - it didn't affect any of the other shells). I eventually noticed that Ctrl-C stopped working in that shell (it just had no effect at all), and when I tried to exit, something hung (with the process not even appearing in the process table), and I had to take extraordinary measures to kill it.

I guess it was just some weird (pseudo-) random event (which I hope does not recur).

----------

## Jaglover

Probably developers are cracking down on root account abuses, root is really local account only and has no business making remote connections.

----------

## audiodef

 *curmudgeon wrote:*   

> 
> 
> I frequently need to move files (that are NOT accessible to regular users) between machines. I usually have over twenty terminals open (including a half-dozen as root on various machines), and I have never seen anything like this before.
> 
> 

 

I have to move root-owned files and such, too. The best way to do this is to set up an encrypted key pair, with the remote regular user's .ssh dir holding a copy of the public key. That way, when you scp, you'll be asked locally for your key's password, and no password will be sent over the net. Copy files to your regular user's remote dir, then ssh in, su, and move files. This is how I do it. It's an extra step, but it's a good security measure.

----------

## curmudgeon

 *audiodef wrote:*   

> That way, when you scp, you'll be asked locally for your key's password, and no password will be sent over the net.

 

Passwords are never sent (in the clear) over the net via ssh.

 *audiodef wrote:*   

> Copy files to your regular user's remote dir, then ssh in, su, and move files. This is how I do it. It's an extra step, but it's a good security measure.

 

It may be a good security measure, but it doesn't work for me. Some of these moves are rsyncs with a huge number of files (including deletions). Copying them to another machine as a regular user (in a separate tree), and then trying to merge them (and figure out what to delete) is a (for me completely unnecessary) huge amount of extra work.

There is always a tradeoff between convenience and security, and while I generally believe in not doing anything with greater capabilities than required, I just can't see this unnatural fear of avoiding doing things as root.

----------

