[GH-ISSUE #148] BUG: !scpupload / !scpdownload not accepted for IP ranges #32

New issue

Closed

opened 2026-05-07 00:17:51 +02:00 by BreizhHardware · 1 comment

BreizhHardware commented

2026-05-07 00:17:51 +02:00

Owner

Originally created by @unbelauscht on GitHub (Feb 23, 2021).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/148

Bug: It seems like the bastion does not accept ip ranges for !scpup and !scpdownload:

Bastion group view:

admin@z1(master)> groupListServers --group example-infra

---bastion-a.eu-central-1a.infra.example.net---------------the-bastion-3.02.00---
=> list of servers pertaining to the group
--------------------------------------------------------------------------------
~ IP               PORT                 USER                      ACCESS-BY   ADDED-BY      ADDED-AT                                       EXPIRY?                                  COMMENT FORCED-KEY?
~ 10.15.0.0/19       22               admin      example-infra(group)  admin    2021-02-18                                             -                                        - -
~ 10.15.0.0/19    (any)           !scpupload      example-infra(group)  admin    2021-02-23                                             -                                        - -
~ 10.15.0.0/19    (any)         !scpdownload      example-infra(group)  admin    2021-02-23                                             -                                        - -
~ 3 accesses listed
----------------------------------------------------------</groupListServers>---

Result using ansible:

TASK [install_gitlab : Copy GitLab configuration file.] ********************************************************************************************************
fatal: [gitlab.eu-central-1a.infra.example.net]: FAILED! => {"msg": "failed to transfer file to /home/admin/.ansible/tmp/ansible-local-97208bouj9_e6/tmppti5h9zm/gitlab.rb.j2 \u001b[?47l/home/admin/.ansible/tmp/ansible-tmp-1614071537.5889418-97310-161362758918463/source:\n\n>>>Sorry, but even if you have ssh access to admin@10.15.10.231:22, you still need to be granted specifically for scp\n\\033[31;1m~ Sorry, but even if you have ssh access to admin@10.15.10.231:22, you still need to be granted specifically for scp\\033[0m\n"}

Expectation:

TASK [install_gitlab : Copy GitLab configuration file.] ********************************************************************************************************
ok: [gitlab.eu-central-1a.infra.example.net]

Interestingly !scpupload and !scpdownload works fine when using single hosts instead of ip blocks.

Originally created by @unbelauscht on GitHub (Feb 23, 2021). Original GitHub issue: https://github.com/ovh/the-bastion/issues/148 Bug: It seems like the bastion does not accept ip ranges for !scpup and !scpdownload: **Bastion group view:** ``` admin@z1(master)> groupListServers --group example-infra ---bastion-a.eu-central-1a.infra.example.net---------------the-bastion-3.02.00--- => list of servers pertaining to the group -------------------------------------------------------------------------------- ~ IP PORT USER ACCESS-BY ADDED-BY ADDED-AT EXPIRY? COMMENT FORCED-KEY? ~ 10.15.0.0/19 22 admin example-infra(group) admin 2021-02-18 - - - ~ 10.15.0.0/19 (any) !scpupload example-infra(group) admin 2021-02-23 - - - ~ 10.15.0.0/19 (any) !scpdownload example-infra(group) admin 2021-02-23 - - - ~ 3 accesses listed ----------------------------------------------------------</groupListServers>--- ``` Result using ansible: ``` TASK [install_gitlab : Copy GitLab configuration file.] ******************************************************************************************************** fatal: [gitlab.eu-central-1a.infra.example.net]: FAILED! => {"msg": "failed to transfer file to /home/admin/.ansible/tmp/ansible-local-97208bouj9_e6/tmppti5h9zm/gitlab.rb.j2 \u001b[?47l/home/admin/.ansible/tmp/ansible-tmp-1614071537.5889418-97310-161362758918463/source:\n\n>>>Sorry, but even if you have ssh access to admin@10.15.10.231:22, you still need to be granted specifically for scp\n\\033[31;1m~ Sorry, but even if you have ssh access to admin@10.15.10.231:22, you still need to be granted specifically for scp\\033[0m\n"} ``` Expectation: ``` TASK [install_gitlab : Copy GitLab configuration file.] ******************************************************************************************************** ok: [gitlab.eu-central-1a.infra.example.net] ``` Interestingly !scpupload and !scpdownload works fine when using single hosts instead of ip blocks.

BreizhHardware closed this issue

2026-05-07 00:17:51 +02:00

BreizhHardware commented

2026-05-07 00:17:52 +02:00

Author

Owner

@unbelauscht commented on GitHub (Feb 23, 2021):

Actually I was being dumb.

Sync wasn't working fine and I connected to the replica instead of the main node and the replica was missing the new permissions inside of the group.

@unbelauscht commented on GitHub (Feb 23, 2021): Actually I was being dumb. Sync wasn't working fine and I connected to the replica instead of the main node and the replica was missing the new permissions inside of the group.

BreizhHardware referenced this issue

2026-05-07 00:19:41 +02:00

[PR #32] [MERGED] enh: install-ttyrec.sh replaces build-and-install-ttyrec.sh #182