[Bug 2081] extend the parameters to the AuthorizedKeysCommand

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Feb 9 16:55:11 AEDT 2015


--- Comment #28 from Damien Miller <djm at mindrot.org> ---
I'm not sure about splitting arguments in sshd, I think I'd prefer to
just pass the whole AuthorizedKeysCommand to the shell like the current
code (and all other *command options in ssh/sshd).

Beyond the username (which must exist in the system password database)
and key text (which cannot contain shell metacharacters), there are no
attacker-controllable values in the command and so it should be quite
safe to pass to the shell.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list