[Bug 2174] New: no-pty in authorized_keys does not prevent an interactive shell
bugzilla-daemon at natsu.mindrot.org
Sun Nov 24 02:50:46 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2174
Bug ID: 2174
Summary: no-pty in authorized_keys does not prevent an interactive shell
Product: Portable OpenSSH
Version: 6.4p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: nogyka at gmail.com
Hi,
I just stumbled upon the fact that when I deny a user who logs in using
a public key an interactive login using the no-pty argument in the
~/.ssh/authorized_keys file,
I still get an interactive shell (kind of), despite the message
"PTY allocation request failed on channel 0".
This could be reproduced on an up-to-date Debian system (6.0.8) as well
as on Ubuntu 12.04.3 LTS.
OpenSSH_5.5p1 Debian-6+squeeze3
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
OpenSSH_6.4p1, OpenSSL 1.0.1 14 Mar 2012
Best regards,
Bastian Mueller
--- LOG ---
bbb at kilchoman:~$ ssh user at host
PTY allocation request failed on channel 0
Linux hostname 2.6.32-5-amd64 #1 SMP Mon Oct 3 03:59:20 UTC 2011 x86_64
cat ~/.ssh/authorized_keys
no-pty ssh-rsa AAAA..5KS3+Q==
ssh -v
OpenSSH_5.5p1 Debian-6+squeeze3, OpenSSL 0.9.8o 01 Jun 2010
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c
cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p
port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
ps
PID TTY TIME CMD
1191 ? 00:00:00 sshd
1192 ? 00:00:00 bash
1232 ? 00:00:00 ps
--- END LOG ---
--
You are receiving this mail because:
You are watching the assignee of the bug.
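
Added example, not part of the original report and not OpenSSH code: sshd(8) documents no-pty as preventing tty allocation only, so a key that must not reach a shell also needs a forced command="..." option. This Python audit flags authorized_keys entries that carry no-pty without command=; the sample file, the placeholder key and the /usr/local/bin/report forced command are constructed.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting like this has no options


def split_options(line):
    """Split one authorized_keys line into (options list, remainder)."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return [], line
    opts, cur, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quote and ch == "\\" and line[i + 1:i + 2] == '"':
            cur += '\\"'          # escaped quote inside a quoted value
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch == "," and not in_quote:
            opts.append(cur)       # unquoted comma ends one option
            cur = ""
            i += 1
            continue
        elif ch in " \t" and not in_quote:
            break                  # unquoted blank ends the options field
        cur += ch
        i += 1
    opts.append(cur)
    return opts, line[i:].strip()


def audit(text):
    """Return [(line number, finding)] for no-pty entries lacking command=."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        names = {o.split("=", 1)[0].lower() for o in split_options(raw)[0]}
        if "no-pty" in names and "command" not in names:
            findings.append((n, "no-pty without command=: shell runs, just without a tty"))
    return findings

# Constructed sample: line 2 is the entry from the report, line 3 is hypothetical.
SAMPLE = """# authorized_keys
no-pty ssh-rsa AAAA..5KS3+Q==
no-pty,command="/usr/local/bin/report --fields host,date" ssh-rsa AAAAPLACEHOLDER backup
"""

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```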