[Bug 2070] New: OpenSSH daemon PermitTTY option
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Feb 15 09:57:53 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2070
Bug ID: 2070
Summary: OpenSSH daemon PermitTTY option
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: sega01 at go-beyond.org
Created attachment 2218
--> https://bugzilla.mindrot.org/attachment.cgi?id=2218&action=edit
Permit TTY patch. Apply with -p1.
Hey everyone,
I wanted a way to deny PTY allocation through the SSH daemon beyond the
authorized_keys means. I know that unless otherwise restricted, PTYs
can be allocated by the user logged into, but this prevents it solely
at the SSH level. You can use this in combination with passwordless
logins for menus and interfaces, and take out the unlikely exploitation
vector of the PTY (along with saving resources and potential
complications). Of course, this can be used in other scenarios as well.
I wrote a patch and submitted it to the mailing list. I originally
called the option NoPty, but was advised by Iain Morgan to change it to
PermitTTY. I've done so, and have tested it. It works perfectly in my
own testing, though it has not been tested in any other environments as
far as I know. The changes are pretty simple, and I've also touched the
man pages. I was unable to find a way to compile the .0 man page from
the .5 file, but I've edited both and I *think* they are identical,
though they may not be once the .0 is regenerated.
Damien suggested I send the patch here, so I have. Please let me know
if this patch is fit for inclusion in the mainline OpenSSH offering. I
can make further adjustments to the patch as needed.
Thanks,
Teran
PS: Original mailing list submission:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2013-February/030989.html
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list