Search code examples
bashsshscp

Has the syntax using SCP changed? Getting unexpected filename error on newer servers

I have two servers, lets call them SERVER1b and SERVER2.

SERVER1b reaches out to SERVER2 every night to grab my database dumps, they are titled as folows:

- dump1.sql.bz2
- dump2.sql.bz2
- dump3.sql.bz2

I have a bash script that simply runs the following command:

BLOG_ZIP_FILE="dump1.sql.bz2"
BLOG2_ZIP_FILE="dump2.sql.bz2"
BLOG3_ZIP_FILE="dump3.sql.bz2"
scp server2:"$BLOG_ZIP_FILE $BLOG2_ZIP_FILE $BLOG3_ZIP_FILE" /Volume1/Backups/

server2 is an alias used to connect via SSH to the server.

Whats interesting is that I had this script on a previous server, lets call it SERVER1a that has the exact same paths and it worked fine with the only difference being it was a few years older (maybe older version of SCP?)

Whenever I execute the SCP command on SERVER1b I get the following error:

error: unexpected filename: dump1.sql.bz2

Of course I've double checked the files actually exist, although I don't think that would even be the issue as a different error would be shown.

Edit: Added verbose dump (the most relevant bit)

Authenticated to host.com ([xx.xx.xx.xx]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending command: scp -v -f dump1.sql.bz2 dump2.sql.bz2 dump3.sql.bz2
Sending file modes: C0664 54580203 dump1.sql.bz2
Sink: C0664 54580203 dump1.sql.bz2
error: unexpected filename: dump1.sql.bz2
Solution

  • I think the problem is that the server-side thinks that dump1.sql.bz2 dump2.sql.bz2 dump3.sql.bz2 is three files, while the client-side thinks it's just one file with spaces in its name.

    Until some security improvements that were made to OpenSSH in 2018, the client-side wouldn't have validated what the server-side was doing, so as long as you liked the server-side behavior, it would have worked fine. But now the client-side is doing validation, and complaining about the mismatch between what it told the server to do and what the server is actually doing. (See https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt for more information about this.)

    To fix this, you can pass the three filenames as separate arguments to scp, so that both sides will agree about what's supposed to be sent:

    scp "server2:$BLOG_ZIP_FILE" "server2:$BLOG2_ZIP_FILE" "server2:$BLOG3_ZIP_FILE" /Volume1/Backups/