
I have in my SSH ~/.ssh/config the following configuration:

Host *
     # note: this needs in /etc/ssh/ssh_config:  PermitLocalCommand yes
     #
     LocalCommand gpgconf --reload scdaemon

The reason for this is that the private RSA key for the SSH connection comes from an OpenPGP smartcard which is requesting a PIN to give access, and the card should be reset with the above command after providing the key. This works fine for SSH, but not for SCP. SCP launches the required SSH command with an option "-oPermitLocalCommand=no" which disables this feature.

One can see this nicely with:

strace -f -o scp.tr scp "-oPermitLocalCommand=yes" foo www.unixarea.de:.
...
grep execv scp.tr
10205 execve("/usr/bin/scp", ["scp", "-oPermitLocalCommand=yes", "foo",
"www.unixarea.de"...], 0xffffdf2147a0 /* 32 vars */) = 0
10206 execve("/usr/bin/ssh", ["/usr/bin/ssh", "-x", "-oPermitLocalCommand=no",
"-oClearAllForwardings=yes", "-oRemoteCommand=none", "-oRequestTTY=no", "-o",
"PermitLocalCommand=yes", "-oForwardAgent=no", "-l", "XXXXXXXXXXXXXXXX", "--",
"www.unixarea.de", "scp -t ."], 0xffffe38c6780 /* 32 vars */) = 0

and so the card remains active and provides keys without PIN entry.

This is on some Debian version of Linux, PureOS:

purism@pureos:~$ ssh -V
OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w  11 Sep 2023

How could this be changed?

  • Those additional arguments appear to be hard coded in the source (at least looking at OpenSSH_8.9p1 Ubuntu-3ubuntu0.7) Commented May 3, 2024 at 10:43
  • I looked with strings into /usr/bin/scp and it's the same. What could be the reason for this? Commented May 3, 2024 at 13:31
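
Why the user-supplied "-o PermitLocalCommand=yes" in the trace has no effect, as an added example that is not part of the original question or comments: ssh_config(5) states that for each parameter the first obtained value is used, and scp places its own "-oPermitLocalCommand=no" ahead of the user's option. The function names are hypothetical and the sample line is the ssh execve line from the question joined onto one line.

```python
import re

# Constructed sample: the ssh execve line from the question's strace output,
# joined onto one line (user name masked as on the page).
SAMPLE = ('10206 execve("/usr/bin/ssh", ["/usr/bin/ssh", "-x", "-oPermitLocalCommand=no", '
          '"-oClearAllForwardings=yes", "-oRemoteCommand=none", "-oRequestTTY=no", "-o", '
          '"PermitLocalCommand=yes", "-oForwardAgent=no", "-l", "XXXXXXXXXXXXXXXX", "--", '
          '"www.unixarea.de", "scp -t ."], 0xffffe38c6780 /* 32 vars */) = 0')

def execve_argv(line):
    """Return the argv list of one strace execve() line."""
    m = re.search(r'execve\("[^"]*", \[(.*?)\], ', line)
    if not m:
        raise ValueError("not an execve line")
    return re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(1))

def ssh_options(argv):
    """Collect -o options in command-line order ('-oK=V' and '-o', 'K=V')."""
    opts = []
    args = iter(argv[1:])
    for arg in args:
        if arg == "--":              # end of options; host and command follow
            break
        if arg == "-o":              # option value is the next argv element
            arg = "-o" + next(args, "")
        if arg.startswith("-o") and len(arg) > 2:
            # ssh accepts "Key=Value" as well as "Key Value"
            parts = re.split(r'\s*=\s*|\s+', arg[2:].strip(), maxsplit=1)
            opts.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return opts

def effective(argv):
    """Apply first-obtained-value-wins (ssh_config(5)) to the -o options."""
    result = {}
    for key, value in ssh_options(argv):
        result.setdefault(key, value)
    return result

def shadowed(argv):
    """Later -o settings that lose to an earlier, different value."""
    first = effective(argv)
    return [(k, v) for k, v in ssh_options(argv) if first[k] != v]

if __name__ == "__main__":
    argv = execve_argv(SAMPLE)
    print("effective PermitLocalCommand:", effective(argv)["permitlocalcommand"])
    for key, value in shadowed(argv):
        print("ignored:", key, "=", value)
```

Running it against other execve lines from the same scp.tr file shows which hard-coded scp options override settings from the command line or ~/.ssh/config.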
