search

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0
17.41k stars 1.74k forks source link

scp does not work on a ipv6 host #2753

Open enko opened 5 years ago

enko commented 5 years ago

What happened:

I try to download a file via scp and it fails with a empty error message. This only happens on a ipv6 host, if I use an ipv4 host it works like a charm. It does not matter if I use the web interface or the tsh client, the result is the same.

What you expected to happen:

The file should be downloaded.

How to reproduce it (as minimally and precisely as possible):

Run a node on ipv6 and try to use tsh scp to download a file.

Environment:

Relevant Debug Logs If Applicable

➜ tsh scp --debug --login=ubuntu deployment.cd.int.flyacts.com:/home/ubuntu/.bashrc .                                                                                                            
INFO [CLIENT]    [KEY AGENT] Connected to the system agent: "/tmp/ssh-Qlytkr9Duiba/agent.1332" client/api.go:1947
DEBU [KEYSTORE]  Returning SSH certificate "/home/tschumacher/.tsh/keys/teleport.it.int.flyacts.com/tsc-cert.pub" valid until "2019-06-03 21:48:31 +0200 CEST", TLS certificate "/home/tschumacher/.tsh/keys/teleport.it.int.flyacts.com/tsc-x509.pem" valid until "2019-06-03 19:48:31 +0000 UTC" client/keystore.go:253
INFO [KEYAGENT]  Loading key for "tsc" client/keyagent.go:105
INFO [CLIENT]    Connecting to proxy to copy (recursively=false)... client/api.go:1146
INFO [CLIENT]    Connecting proxy=teleport.it.int.flyacts.com:3023 login='ubuntu' method=0 client/api.go:1444
DEBU [KEYAGENT]  Got 3 known hosts client/keyagent.go:263
DEBU [KEYAGENT]  Verified host teleport.it.int.flyacts.com:3023 client/keyagent.go:316
INFO [CLIENT]    Successful auth with proxy teleport.it.int.flyacts.com:3023 client/api.go:1435
DEBU [CLIENT]    Found clusters: [{"name":"hypervisor1.it.int.flyacts.com","lastconnected":"2019-06-03T10:08:03.523984887+02:00","status":"online"},{"name":"hypervisor1.cd.int.flyacts.com","lastconnected":"2019-06-03T10:08:00.555790482+02:00","status":"online"}] client/client.go:102
INFO [CLIENT]    Client= connecting to node=deployment.cd.int.flyacts.com:0@default@hypervisor1.it.int.flyacts.com client/client.go:355
DEBU [KEYAGENT]  Got 3 known hosts client/keyagent.go:263
DEBU [KEYAGENT]  Verified host deployment.cd.int.flyacts.com:0@default@hypervisor1.it.int.flyacts.com client/keyagent.go:316

ERROR REPORT:
Original Error: *ssh.ExitError Process exited with status 1
Stack Trace:
        /gopath/src/github.com/gravitational/teleport/lib/client/client.go:598 github.com/gravitational/teleport/lib/client.(*NodeClient).ExecuteSCP
        /gopath/src/github.com/gravitational/teleport/lib/client/api.go:1248 github.com/gravitational/teleport/lib/client.(*TeleportClient).SCP
        /gopath/src/github.com/gravitational/teleport/tool/tsh/tsh.go:760 main.onSCP
        /gopath/src/github.com/gravitational/teleport/tool/tsh/tsh.go:316 main.Run
        /gopath/src/github.com/gravitational/teleport/tool/tsh/tsh.go:168 main.main
        /opt/go/src/runtime/proc.go:210 runtime.main
        /opt/go/src/runtime/asm_amd64.s:1334 runtime.goexit
User Message: 
➜ tsh ls --cluster hypervisor1.cd.int.flyacts.com                                    
Node Name                       Address                            Labels         
------------------------------- ---------------------------------- -------------- 
deployment.cd.int.flyacts.com   [2a01:4f8:10b:2753:3:100:0:4]:3022 environment=cd 
hypervisor1.cd.int.flyacts.com  94.130.160.103:3022                environment=cd

Educated Guess

I think this could happen because the address is not escaped properly or is not put in square brackets. I could provide inside if you could tell me to how to enable the logging in https://github.com/gravitational/teleport/blob/master/lib/sshutils/scp/scp.go#L177.

benarent commented 5 years ago

@enko We've recently fixed working with IPv6. https://github.com/gravitational/teleport/pull/2867 You can wait until the next build, or build from master to see if this resolves this issue for you.

capnspacehook commented 1 year ago

@benarent can this issue be closed?

DavidJLambert commented 1 year ago

In addition to putting the IPv6 address inside of square brackets, at least in powershell on windows, the letters in the IPv6 address must be uppercase.