bugzilla-daemon at bugzilla
Oct 30, 2011, 11:02 AM
Post #1 of 1
[Bug 1947] New: Log authorized_keys format issues and refuse to accept keys
Bug #: 1947
Summary: Log authorized_keys format issues and refuse to accept
Product: Portable OpenSSH
AssignedTo: unassigned-bugs [at] mindrot
ReportedBy: dave [at] treblig
I was trying to add a command="blah" limit on a key in
.ssh/authorized_keys for the first time in many years; and a few
problems struck me:
1) When I screwed up there was no log to say that it hit a badly
formatted line in authorized_keys
2) A simple error - e.g. putting a line break after the command="..."
part and before the key resulted in a key with no restriction.
So I suggest if you find a command="....." or other option section that
should be with a key and there is no key, then it should be logged that
you hit it and you should stop reading the authorized_keys file because
something is wrong.
Ideally you should carry on reading the authorized_keys to check its
validity, even once you hit a valid entry, that way you can spot other
screwups - e.g. in my case I first misread the man page to think I was
supposed to put the command="..." on the following line.
OK, so you're not going to be able to catch all screwups; but it should
be pretty paranoid.
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
openssh-bugs mailing list
openssh-bugs [at] mindrot