
Mailing List Archive: OpenSSH: Bugs

[Bug 1947] New: Log authorized_keys format issues and refuse to accept keys

 

 



bugzilla-daemon at bugzilla

Oct 30, 2011, 11:02 AM


https://bugzilla.mindrot.org/show_bug.cgi?id=1947

Bug #: 1947
Summary: Log authorized_keys format issues and refuse to accept
keys
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs [at] mindrot
ReportedBy: dave [at] treblig


I was trying to add a command="blah" limit on a key in
.ssh/authorized_keys for the first time in many years; and a few
problems struck me:

1) When I screwed up there was no log to say that it hit a badly
formatted line in authorized_keys
2) A simple error - e.g. putting a line break after the command="..."
part and before the key resulted in a key with no restriction.

So I suggest if you find a command="....." or other option section that
should be with a key and there is no key, then it should be logged that
you hit it and you should stop reading the authorized_keys file because
something is wrong.

Ideally you should carry on reading the authorized_keys to check its
validity, even once you hit a valid entry, that way you can spot other
screwups - e.g. in my case I first misread the man page to think I was
supposed to put the command="..." on the following line.

OK, so you're not going to be able to catch all screwups; but it should
be pretty paranoid.

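The mistake described in this report (options on one line, the key on the next) can be caught with a small linter run over authorized_keys before it is deployed. This is an added example, not part of the original bug report and not OpenSSH code; the function name, the messages and the sample entries are constructed, and the key-type list is an assumed set of common types.

```python
import re

# Key type names that can start the key field (assumed list of common types).
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}

# One whitespace-delimited field; spaces inside "..." do not split it,
# so command="a b",no-pty stays a single options field.
FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^\s"])+')

# Constructed sample: key blobs are placeholders, not real keys.
SAMPLE = """\
# backup key, restricted (line break inserted by mistake)
command="/usr/local/bin/backup-only"
ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER1 backup@example
command="/usr/bin/uptime",no-pty ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER2 monitor@example
ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER3 admin@example
"""


def lint_authorized_keys(text):
    """Return (line_number, message) for option/key mismatches."""
    findings = []
    orphan = None  # line number of the preceding options-only line, if any
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = FIELD.findall(line)
        if len(fields) >= 2 and fields[0] in KEY_TYPES:
            if orphan is not None:
                findings.append((num, "key is unrestricted: options on line %d "
                                      "are not attached to it" % orphan))
            orphan = None
        elif len(fields) >= 3 and fields[1] in KEY_TYPES:
            orphan = None  # well-formed: options, key type, key data
        else:
            findings.append((num, "no usable key on this line (options only "
                                  "or malformed)"))
            orphan = num
    return findings


if __name__ == "__main__":
    for num, msg in lint_authorized_keys(SAMPLE):
        print("line %d: %s" % (num, msg))
```

A bare key with no options-only line before it (line 5 of the sample) is not flagged, since an unrestricted key can be intentional.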
