[Bug 2287] AuthorizedKeysCommandUser should have it's default documented
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Feb 22 05:40:18 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2287
Christoph Anton Mitterer <calestyo at scientia.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|FIXED |---
Status|RESOLVED |REOPENED
--- Comment #5 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Hey Damien.
Let me just reopen this once more as I've discovered by chance another
unexpected behaviour by this (which might be a bug)... just have a look
and decide... and feel free to close it again.
As we found out above, having:
"AuthorizedKeysCommandUser" unset while having "AuthorizedKeysCommand"
set to anything but "none" and the daemon will not start.
Interestingly, having AuthorizedKeysCommandUser set to the empty value,
e.g.
AuthorizedKeysCommand /bin/test
AuthorizedKeysCommandUser
and the daemon *will* actually start, but it seems that /bin/test is
nevertheless never executed.
So this is no security issue, but I guess for consistency it shouldn't
start either when AuthorizedKeysCommandUser is explicitly set to the
empty value.
Thanks,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list