From e093b8a07e3213792df5b50fb8241887e3be5868 Mon Sep 17 00:00:00 2001
From: Jordan Borean <jborean93@gmail.com>
Date: Thu, 18 Apr 2019 12:02:09 +1000
Subject: [PATCH] SCP filename validation docs (#55399)

* SCP filename validation docs

* Update docs/docsite/rst/reference_appendices/faq.rst

Co-Authored-By: jborean93 <jborean93@gmail.com>

* Update docs/docsite/rst/reference_appendices/faq.rst

Co-Authored-By: jborean93 <jborean93@gmail.com>

* Update docs/docsite/rst/reference_appendices/faq.rst

Co-Authored-By: jborean93 <jborean93@gmail.com>

* edits to scp FAQ entry

* zeut alors I have missed one

* incorporate jborean feedback

* adds link to bug report

(cherry picked from commit 8542f16fa932c5992743a66c6f1f28caeb5d6f7c)
---
 docs/docsite/rst/reference_appendices/faq.rst | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/docs/docsite/rst/reference_appendices/faq.rst b/docs/docsite/rst/reference_appendices/faq.rst
index 31bf620fdd1..fbac614eeee 100644
--- a/docs/docsite/rst/reference_appendices/faq.rst
+++ b/docs/docsite/rst/reference_appendices/faq.rst
@@ -609,6 +609,32 @@ but you can still access the orignal via ``hostvars``::
 This works for all overriden connection variables, like ``ansible_user``, ``ansible_port``, etc.
 
 
+.. _scp_protocol_error_filename:
+
+How do I fix 'protocol error: filename does not match request' when fetching a file?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+Newer releases of OpenSSH have a `bug <https://bugzilla.mindrot.org/show_bug.cgi?id=2966>`_ in the SCP client that can trigger this error on the Ansible controller when using SCP as the file transfer mechanism::
+
+    failed to transfer file to /tmp/ansible/file.txt\r\nprotocol error: filename does not match request
+
+In these releases, SCP tries to validate that the path of the file to fetch matches the requested path.
+The validation
+fails if the remote filename requires quotes to escape spaces or non-ascii characters in its path. To avoid this error:
+
+* Use SFTP instead of SCP by setting ``scp_if_ssh`` to ``smart`` (which tries SFTP first) or to ``False``. You can do this in one of four ways:
+    * Rely on the default setting, which is ``smart`` - this works if ``scp_if_ssh`` is not explicitly set anywhere
+    * Set a :ref:`host variable <host_variables>` or :ref:`group variable <group_variables>` in inventory: ``ansible_scp_if_ssh: False``
+    * Set an environment variable on your control node: ``export ANSIBLE_SCP_IF_SSH=False``
+    * Pass an environment variable when you run Ansible: ``ANSIBLE_SCP_IF_SSH=smart ansible-playbook``
+    * Modify your ``ansible.cfg`` file: add ``scp_if_ssh=False`` to the ``[ssh_connection]`` section
+* If you must use SCP, set the ``-T`` arg to tell the SCP client to ignore path validation. You can do this in one of three ways:
+    * Set a :ref:`host variable <host_variables>` or :ref:`group variable <group_variables>`: ``ansible_scp_extra_args=-T``,
+    * Export or pass an environment variable: ``ANSIBLE_SCP_EXTRA_ARGS=-T``
+    * Modify your ``ansible.cfg`` file: add ``scp_extra_args=-T`` to the ``[ssh_connection]`` section
+
+.. note:: If you see an ``invalid argument`` error when using ``-T``, then your SCP client is not performing filename validation and will not trigger this error.
+
 .. _i_dont_see_my_question:
 
 I don't see my question here