scp through jumphost missbehaves with powershell as shell on target

[matsmcp]

Please answer the following

**"OpenSSH for Windows" **
version 7.9

Server OperatingSystem
Server 2016

What is failing
scp

Expected output
file copied

Actual output
Powershell error

I have been working on coping files with SCP from my adminserver through a jumphost to a targetsystem. The goal is to copy a script from adminhost to target, execute the script on target and finally scp the result back to admin (this is a workaround untill pssessions have support for jumphosts)

During this testing i found that scp -oProxyCommand="ssh -W %h:%p user@jumphost" c:\myscript.ps1 user@target:\myscript.ps1 will fail if i have defaultshell set to powershell on target.
if i remove hklm.....\defaultshell=....\powershell.exe, ie forcing cmd.exe as default shell it works

[matsmcp]

How to reproduce.

I have a very simple powershell script
& 'C:\Program Files\OpenSSH-Win64\scp.exe' -o "ProxyCommand ssh automate2@jumphost.test.local -W %h:%p" c:\test.cmd administrator@dc1.test.local:\test.cmd
& "C:\Program Files\OpenSSH-Win64\ssh.exe" -J automate2@jumphost.test.local Administrator@dc1.test.local "test.cmd"
& 'C:\Program Files\OpenSSH-Win64\scp.exe' -o "ProxyCommand ssh automate2@jumphost.test.local -W %h:%p" administrator@dc1.test.local:\test.txt c:\test.txt

with
[HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH]
"defaultshell"="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" it will fail with:

scp.exe : scp.exe : The term 'scp.exe' is not recognized as the name of a cmdlet, functio
At C:\Users\Administrator\Desktop\remoteEcho.ps1:3 char:1
+ & 'C:\Program Files\OpenSSH-Win64\scp.exe' -o "ProxyCommand ssh autom ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (scp.exe : The t...cmdlet, functio:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
n, script file, or operable program. Check the spelling of the name, or if a pa

th was included, verify that the path is correct and try again.

At line:1 char:1

scp.exe -f /test.txt

  + CategoryInfo          : ObjectNotFound: (scp.exe:String) [], CommandNotF 
 oundException
  + FullyQualifiedErrorId : CommandNotFoundException

If I remove the regkey -forcing cmd as shell the script works

[matsmcp]

Opps, didn't intend to close

[tats-u]

Is this related to #1172?
One of the collaborators uploaded a pached binary of ssh, which (ssh with jump hosts) works fine for some people and me.
The patch was submitted as a PR PowerShell/openssh-portable#373.

As of the error PowerShell says, is your scp.exe in your PATH?

[matsmcp]

It might be the same type of issue but it's not the issue of 1172 ( I do use the patched binary and i have also tested from a Linux system with the same error.

I do have the following test scenarios:
Windows adminserver - Windows JumpHost - TargetServer
Windows adminserver - Linux JumpHost - TargetServer
Linux Adminserver - Windows JumpHost - TargetServer
Linux Adminserver - Linux JumpHost - TargetServer

I can log on to them with SSH and I will get powershell as shell so that proves that the regvalue is correct and working

As long as you have CMD as shell on Targetserver all scenarios above works- it's only when you have powershell as defaultshell on targetserver it fails so therefore we now that the path is ok else it would fail with CMD as shell too.

The path looks ok too.
PATH=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\OpenSSH-Win64;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps;

[matsmcp]

I reinstalled the sytem and currently I can't repro anymore .....

[tats-u]

I made it with:

PS> scp -oProxyCommand="$((gcm ssh).path) -W %h:%p jumphost"  path\to\src targethost:path/to/dest

ssh is the patched one and scp is the built-in one (v7.7), and:

my PC ----- jumphost (Linux) ----- targethost (Linux)

PS> scp -oProxyCommand="$((gcm ssh).path) -W `"%h`":%p jumphost" -v .\LICENSE targethost:foo.md
Executing: program ssh.exe host targethost, user (unspecified), command scp -v -t foo.md
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Reading configuration data C:\\Users\\tatsu/.ssh/config
debug1: C:\\Users\\tatsu/.ssh/config line ■: Applying options for ■
debug1: C:\\Users\\tatsu/.ssh/config line ■: Applying options for ■
debug1: C:\\Users\\tatsu/.ssh/config line ■: Applying options for ■
debug1: Executing proxy command: exec C:/ProgramData/chocolatey/bin/ssh.exe -W 192.168.■.■:22 lab-dns
debug1: identity file C:\\Users\\tatsu/.ssh/id_ed25519■ type 3
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\tatsu/.ssh/id_ed25519■-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.■.■:22 as '■'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:■
debug1: Host '192.168.■.■' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\tatsu/.ssh/known_hosts:16
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: ED25519 ■ C:\\Users\\tatsu/.ssh/id_ed25519_■
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.■.■ (via proxy).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: proc
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending command: scp -v -t foo.md
Sending file modes: C0666 1310 LICENSE
Sink: C0666 1310 LICENSE
LICENSE                                                                                                                                                          100% 1310    64.8KB/s   00:00
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3404, received 2416 bytes, in 0.4 seconds
Bytes per second: sent 7862.6, received 5580.5
debug1: Exit status 0
PS> gcm scp

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     scp.exe                                            7.7.2.1    C:\WINDOWS\System32\OpenSSH\scp.exe