welaika / wordmove

Multi-stage command line deploy/mirroring and task runner for Wordpress
https://wptools.it/wordmove
MIT License

Security policy: scp is disabled, use sftp instead. #618

Open tomhayes opened 3 years ago

tomhayes commented 3 years ago

Describe the bug: I am having an issue when trying to pull a site from the production server. I get the following error:

/var/lib/gems/2.7.0/gems/net-scp-3.0.0/lib/net/scp/download.rb:118:in `parse_directive': unknown directive: "Security policy: scp is disabled, use sftp instead.\\n" (ArgumentError)

I've spoken to my host about this, and I've been informed that scp is disabled due to PCI compliance. I think the solution is to use SFTP instead, but I'm unsure why this would be the case, and if this is indeed correct.

Wordmove command (used on the CLI): wordmove -e production pull -d or wordmove -e production pull --all

Expected behavior: The database/files to pull successfully.

movefile.yml: The only non-standard thing I am doing in my move file is rsync_options: "--chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r" to preserve the file permissions when pushing back to the server.

Exception/trace: Paste (removing personal data) the entire trace of error/exception you encountered, if any.

Traceback (most recent call last):
        33: from /usr/local/bin/wordmove:23:in '<main>'
        32: from /usr/local/bin/wordmove:23:in 'load'
        31: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/exe/wordmove:6:in '<top (required)>'
        30: from /var/lib/gems/2.7.0/gems/thor-0.20.3/lib/thor/base.rb:466:in 'start'
        29: from /var/lib/gems/2.7.0/gems/thor-0.20.3/lib/thor.rb:387:in 'dispatch'
        28: from /var/lib/gems/2.7.0/gems/thor-0.20.3/lib/thor/invocation.rb:126:in 'invoke_command'
        27: from /var/lib/gems/2.7.0/gems/thor-0.20.3/lib/thor/command.rb:27:in 'run'
        26: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/lib/wordmove/cli.rb:91:in 'pull'
        25: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/lib/wordmove/cli.rb:39:in 'handle_options'
        24: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/lib/wordmove/cli.rb:39:in 'each'
        23: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/lib/wordmove/cli.rb:40:in 'block in handle_options'
        22: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/lib/wordmove/cli.rb:92:in 'block in pull'
        21: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/lib/wordmove/deployer/ssh.rb:48:in 'pull_db'
        20: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/lib/wordmove/deployer/ssh/default_sql_adapter.rb:28:in 'adapt_remote_db!'
        19: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/lib/wordmove/deployer/ssh.rb:83:in 'download_remote_db'
        18: from /var/lib/gems/2.7.0/gems/wordmove-5.2.1/lib/wordmove/deployer/ssh.rb:58:in 'block (2 levels) in <class:SSH>'
        17: from /var/lib/gems/2.7.0/gems/photocopier-1.4.0/lib/photocopier/ssh.rb:18:in 'get'
        16: from /var/lib/gems/2.7.0/gems/net-scp-3.0.0/lib/net/scp.rb:321:in 'download!'
        15: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/channel.rb:272:in 'wait'
        14: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/session.rb:180:in 'loop'
        13: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/session.rb:180:in 'loop'
        12: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/session.rb:180:in 'block in loop'
        11: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/session.rb:227:in 'process'
        10: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/event_loop.rb:28:in 'process'
         9: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/event_loop.rb:100:in 'ev_preprocess'
         8: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/event_loop.rb:100:in 'each'
         7: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/session.rb:248:in 'ev_preprocess'
         6: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/session.rb:548:in 'dispatch_incoming_packets'
         5: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/session.rb:685:in 'channel_close'
         4: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/session.rb:572:in 'channel_closed'
         3: from /var/lib/gems/2.7.0/gems/net-ssh-6.1.0/lib/net/ssh/connection/channel.rb:611:in 'do_close'
         2: from /var/lib/gems/2.7.0/gems/net-scp-3.0.0/lib/net/scp.rb:365:in 'block (3 levels) in start_command'
         1: from /var/lib/gems/2.7.0/gems/net-scp-3.0.0/lib/net/scp/download.rb:38:in 'read_directive_state'
/var/lib/gems/2.7.0/gems/net-scp-3.0.0/lib/net/scp/download.rb:118:in 'parse_directive': unknown directive: "Security policy: scp is disabled, use sftp instead.\\n" (ArgumentError)

Environment (please complete the following information):

Doctor
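Why the server's refusal surfaces as "unknown directive", shown as an added example that is not part of the original thread and is not code from net-scp, photocopier or wordmove: an scp download expects every line from the remote to start with a control byte or a directive letter, so a plain-text policy banner fails parsing. The names `ScpRefused`, `classify_scp_line`, `refuse` and `transfer_plan` are hypothetical, and the sample lines in the comments are constructed.

```ruby
# Added illustration; all names here are hypothetical, not a real library API.
ScpRefused = Class.new(StandardError)

def refuse(line)
  raise ScpRefused, "remote did not speak scp: #{line.chomp.inspect}"
end

# Classify one line sent by the remote side of an scp download.
# Valid lines start with \x00 (ok), \x01 (warning), \x02 (fatal error),
# or a directive letter: T (times), C (file), D (directory), E (end).
def classify_scp_line(line)
  body = line[1..-1].to_s.chomp
  case line[0]
  when "\x00" then { type: :ok }
  when "\x01" then { type: :warning, message: body }
  when "\x02" then { type: :error, message: body }
  when "T" # e.g. "T1183828267 0 1183828267 0"
    m = /\A(\d+) \d+ (\d+) \d+\z/.match(body)
    m ? { type: :times, mtime: m[1].to_i, atime: m[2].to_i } : refuse(line)
  when "C", "D" # e.g. "C0644 1024 dump.sql"
    mode, size, name = body.split(" ", 3)
    valid = /\A[0-7]{4}\z/.match?(mode.to_s) && /\A\d+\z/.match?(size.to_s) && name
    return refuse(line) unless valid
    { type: line[0] == "C" ? :file : :directory,
      mode: mode.to_i(8), size: size.to_i, name: name }
  when "E"
    line.chomp == "E" ? { type: :end } : refuse(line)
  else
    # A banner such as "Security policy: scp is disabled, ..." lands here.
    refuse(line)
  end
end

# Pick a transport from the first line the server sends back: stay on scp
# if it answered in protocol, otherwise treat the text as a refusal.
def transfer_plan(first_line)
  classify_scp_line(first_line)
  :scp
rescue ScpRefused
  :sftp
end
```

The field checks on `T`, `C`, `D` and `E` matter because a refusal banner that happens to begin with one of those letters would otherwise be read as a directive.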

alessandro-fazzi commented 2 years ago

IDK what PCI compliance is, but I'd like to remove scp in order to reduce the protocols used and overall complexity. I'll investigate why that choice was made.

But, FYI, this happens in another gem: https://github.com/welaika/photocopier/blob/625dac7c06f0893b2d3e343b84c216429f0cab35/lib/photocopier/ssh.rb#L17.

alessandro-fazzi commented 2 years ago

Thanks for the exhaustive report 🙏

tomhayes commented 2 years ago

Hi, is there any progress on this? Using SFTP feels really slow compared to via rsync, and my host has some issues with MySQL privileges that make the db sync via SFTP kind of tricky too.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.