Disable Your SSH access accidentally with scp (sny.sh)
chasil 8 minutes ago [-]
I have a few observations about this article.

Generally, try not to use SCP. It has been a crufty old program from the Berkeley R-Utilities, but newer OpenSSH releases have rewritten it to use the sftp-server server instead. There will be wildly different behavior between these implementations.

The backend SCP changes are documented here:

https://lwn.net/Articles/835962/

If you need something that SFTP cannot do, then use tar on both sides.

PuTTY has implemented their pscp to prefer the sftp-server for many years, in a long prediction of the eventual abandonment. Their pscp implementation is a better drop-in replacement than the OpenSSH solutions.

I also have an older rhel5 system where I am running tinysshd to use better SSH crypto. Due to upgrades, NFS is now squashing everything to nobody, so I had to disable precisely these checks to let users log in with their authorized_keys. I can post the code if anybody is curious.

TZubiri 46 seconds ago [-]
Getting locked out of a server must be a canonical experience in the sysadmin journey, like checking the logs to see you are being attacked as soon as you're online, or trying to build your own Linux from scratch without bloat.
procaryote 44 minutes ago [-]
This is a useful tip!

but also... who has a dir with 777 permissions? Is that something people do nowadays?

chasil 17 minutes ago [-]
Well, everybody has 1777 as /tmp (with the sticky bit).

  $ ll -d /tmp
  drwxrwxrwt. 20 root root 4096 Mar  3 12:19 /tmp
  $ mkdir mytmp
  $ chmod 1777 mytmp
  $ ll -d mytmp
  drwxrwxrwt. 1 luser lgroup 0 Mar  3 12:19 mytmp
impure 17 minutes ago [-]
Ah, file permissions. My old friend. Good thing this happened on a 'local' server and not a remote VPS.
zahlman 4 days ago [-]
I assume using `./*` rather than `.` in the `scp` command would have worked around the issue?
malicka 28 minutes ago [-]
Yes, since it would’ve copied the globbed files, rather than the current directory itself.
sowbug 1 hours ago [-]
Related: In my Bash logout script I have a chmod that fixes authorized_keys. It won't help with scp because that's non-interactive, but it has helped the other 999 times I've forgotten to clean up the mess I made during an ssh session.
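
An added example, not code from this thread or from OpenSSH: with its default StrictModes setting, sshd ignores authorized_keys when the home directory, ~/.ssh or the key file is group- or world-writable, which is the state a logout chmod like the one above repairs. The function names are made up for illustration; the script assumes the default authorized_keys location and checks mode bits only, not ownership.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes inspects for
# group/world write bits (mode & 022). Function names are hypothetical.

# Print the path if it is writable by group or others, nothing otherwise.
loose_mode() {
    find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# check_ssh_perms HOME_DIR
# Returns 0 if home, .ssh and authorized_keys are acceptable,
# 1 if any of them would make sshd skip authorized_keys.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(loose_mode "$p")" ]; then
            echo "too permissive: $p" >&2
            bad=1
        fi
    done
    return "$bad"
}

# fix_ssh_perms HOME_DIR
# Strip group/other write only; every other mode bit is left alone.
fix_ssh_perms() {
    home=$1
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] && chmod go-w "$p"
    done
    return 0
}

# Constructed demo in a scratch directory standing in for $HOME.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    chmod 777 "$d"    # home directory left with the 777 mode discussed here
    check_ssh_perms "$d" && echo "ok" || echo "key login would fail"
    fix_ssh_perms "$d"
    check_ssh_perms "$d" && echo "ok after fix"
    rm -rf "$d"
}
demo
```

Run `check_ssh_perms "$HOME"` from a second, still-open session after any recursive copy into the home directory, before closing the first one.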
crest 1 hours ago [-]
It's nice to see people sharing their mistakes too.
roelschroeven 2 hours ago [-]
tl;dr: If you scp -r to your homedir, expect scp to copy not just files and directories but their permissions as well (which I think isn't all that surprising).
ranger_danger 1 hours ago [-]
It's not supposed to do that unless it's newly creating the destination, or you supplied the -p flag to preserve permissions... that's what the entire issue is about; it's a bug that was fixed in 10.3.
binaryturtle 2 hours ago [-]
When I load the site in my (slightly older) Firefox I just get some random junk and gibberish (markov chain generated nonsense?)

<bleep> that nonsense!

theblazehen 12 minutes ago [-]
I suspect you're hitting the page where they're running https://iocaine.madhouse-project.org/

Perhaps you got bot flagged or something
