[Bug 2287] AuthorizedKeysCommandUser should have it's default documented

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Feb 22 05:40:18 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2287

Christoph Anton Mitterer <calestyo at scientia.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |---
             Status|RESOLVED                    |REOPENED

--- Comment #5 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Hey Damien.

Let me just reopen this once more as I've discovered by chance another
unexpected behaviour by this (which might be a bug)... just have a look
and decide... and feel free to close it again.

As we found out above, having:
"AuthorizedKeysCommandUser" unset while having "AuthorizedKeysCommand"
set to anything but "none" and the daemon will not start.

Interestingly, having AuthorizedKeysCommandUser set to the empty value,
e.g.
AuthorizedKeysCommand /bin/test
AuthorizedKeysCommandUser   

and the daemon *will* actually start, but it seems that /bin/test is
nevertheless never executed.

So this is no security issue, but I guess for consistency it shouldn't
start either when AuthorizedKeysCommandUser is explicitly set to the
empty value.


Thanks,
Chris.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list