Specifying both rsync and scp rules breaks scp functionality #14
Description
My authprogs.yaml looks like this:
-
from: [10.x.x.x]
keynames: myhost
allow:
- rule_type: rsync
allow_download: true
paths: [/tmp/mycert.crt, /tmp/mycert.key]
- rule_type: scp
allow_download: true
paths: [/tmp/mycert.crt, /tmp/mycert.key]
Transferring the file with scp root@myhost:/tmp/mycert.crt /tmp fails with the error
command "scp -f /tmp/mycert.crt" rejected.
The debug log shows:
checking rule """{'from': ['10.x.x.x'], 'keynames': 'myhost', 'allow': [{'rule_type': 'rsync', 'allow_download': True, 'paths': ['/tmp/mycert.crt', '/tmp/mycert.key']}, {'rule_type': 'scp', 'allow_download': True, 'paths': ['/tmp/mycert.crt', '/tmp/mycert.key']}]}"""
client_ip 10.x.x.x in 10.x.x.x/32
keyname "myhost" matches rule.
skipping rsync processing, binary "scp" not in approved list
skipping scp processing, binary "scp" not in approved list
If the rsync section is removed, i.e. config looks like this:
-
from: [10.x.x.x]
keynames: myhost
allow:
- rule_type: scp
allow_download: true
paths: [/tmp/mycert.crt, /tmp/mycert.key]
Everything works as it should and the file can be transferred. Could you please investigate this bug?