
bugzilla-daemon at bugzilla
Oct 30, 2011, 11:02 AM
[Bug 1947] New: Log authorized_keys format issues and refuse to accept keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1947

Bug #: 1947
Summary: Log authorized_keys format issues and refuse to accept keys
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs [at] mindrot
ReportedBy: dave [at] treblig

I was trying to add a command="blah" limit on a key in .ssh/authorized_keys for the first time in many years; and a few problems struck me:

1) When I screwed up there was no log to say that it hit a badly formatted line in authorized_keys
2) A simple error - e.g. putting a line break after the command="..." part and before the key resulted in a key with no restriction.

So I suggest if you find a command="....." or other option section that should be with a key and there is no key, then it should be logged that you hit it and you should stop reading the authorized_keys file because something is wrong.

Ideally you should carry on reading the authorized_keys to check its validity, even once you hit a valid entry, that way you can spot other screwups - e.g. in my case I first misread the man page to think I was supposed to put the command="..." on the following line.

OK, so you're not going to be able to catch all screwups; but it should be pretty paranoid.
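The mistake described in this report (an options section on one line, the key on the next) can be caught by linting authorized_keys before it is deployed. The following is an added example, not OpenSSH code and not part of the original report; the function names, the key-type prefix list and the sample file are assumptions made for illustration.

```python
import base64

# Assumption: plain key type names start with one of these prefixes.
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-")
# Constructed sample: the blob is valid base64 but not a real key.
BLOB = base64.b64encode(b"constructed sample, not a real key").decode()
SAMPLE = f'command="/usr/bin/backup"\nssh-rsa {BLOB} dave@example\n'

def text_after_options(line):
    """Text after the first unquoted whitespace; None if a quote never closes."""
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote and line[i + 1:i + 2] == '"':
            i += 1  # skip an escaped quote inside a quoted value
        elif c == '"':
            in_quote = not in_quote
        elif c in " \t" and not in_quote:
            break
        i += 1
    return None if in_quote else line[i:].strip()

def valid_key(fields):
    """True if fields begin with a key type name and a non-empty base64 blob."""
    if len(fields) < 2 or not fields[0].startswith(KEY_PREFIXES):
        return False
    try:
        return bool(base64.b64decode(fields[1], validate=True))
    except ValueError:
        return False

def lint(text):
    """Return (line_number, message) findings for authorized_keys text."""
    findings, orphan = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        prev, orphan = orphan, None
        if valid_key(line.split()):
            if prev:
                findings.append((n, f"key is unrestricted; options on line {prev} do not apply"))
            continue
        rest = text_after_options(line)
        if rest is None:
            findings.append((n, "unterminated quote in options"))
        elif not valid_key(rest.split()):
            findings.append((n, "options present but no valid key on this line"))
            orphan = n if not rest else None  # remember an options-only line
    return findings
```

Running `lint(SAMPLE)` reports both the orphaned options on line 1 and the unrestricted key on line 2, and it keeps scanning the rest of the file instead of stopping at the first usable entry.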