[Bug 2287] AuthorizedKeysCommandUser should have it's default documented

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Feb 22 05:40:18 AEDT 2015


Christoph Anton Mitterer <calestyo at scientia.net> changed:

           What    |Removed                     |Added
         Resolution|FIXED                       |---
             Status|RESOLVED                    |REOPENED

--- Comment #5 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Hey Damien.

Let me just reopen this once more as I've discovered by chance another
unexpected behaviour by this (which might be a bug)... just have a look
and decide... and feel free to close it again.

As we found out above, having:
"AuthorizedKeysCommandUser" unset while having "AuthorizedKeysCommand"
set to anything but "none" and the daemon will not start.

Interestingly, having AuthorizedKeysCommandUser set to the empty value,
AuthorizedKeysCommand /bin/test

and the daemon *will* actually start, but it seems that /bin/test is
nevertheless never executed.

So this is no security issue, but I guess for consistency it shouldn't
start either when AuthorizedKeysCommandUser is explicitly set to the
empty value.


You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list