[Bug 3503] New: OpenSSH tries executing banner as command

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Nov 17 03:39:46 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3503

            Bug ID: 3503
           Summary: OpenSSH tries executing banner as command
           Product: Portable OpenSSH
           Version: 8.8p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mateusz.gierblinski at gmail.com

Created attachment 3626
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3626&action=edit
Proof of Concept

Hi there, 

On a default Fedora 37 installation I found an interesting issue. In my
home directory I have the following config:

Host redhat
        HostName 192.16.122.253
        User mto
        #Identityfile /home/mto/.ssh/id_ed25519
        ProxyCommand ssh -T -i /home/mto/.ssh/id_ed25519 mto@192.168.122.253

When I'm trying to connect, I receive the following message: 

-bash: line 1: $'SSH-2.0-OpenSSH_8.8\r': command not found

As you can see, OpenSSH tries to execute the banner version as a command.
Based on StackOverflow (link:
https://unix.stackexchange.com/questions/269024/change-ssh-banner-which-is-grabbed-by-netcat)
we can modify the banner and it has to be exactly 11 characters long,
otherwise the binary gets corrupted.

Please refer to the provided screenshot for proof.

Thanks,
Mateusz

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
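
The reported stanza beside two forwarding forms, as an added example that is not part of the original report or of OpenSSH's own documentation. It assumes the intent was to reach the HostName address through the host named in ProxyCommand; the aliases redhat-reported, redhat-forward, redhat-jump and jump are hypothetical.

```sshconfig
# Reported form: the inner ssh is given neither a command nor -W, so it opens
# a login shell on 192.168.122.253. The outer ssh writes its identification
# string ("SSH-2.0-OpenSSH_8.8\r\n") into that shell's stdin, and bash reads
# the line as a command name.
Host redhat-reported
        HostName 192.16.122.253
        User mto
        ProxyCommand ssh -T -i /home/mto/.ssh/id_ed25519 mto@192.168.122.253

# Forwarding form: -W %h:%p connects the inner ssh's stdin/stdout to the
# target's SSH port, so the identification string reaches an sshd, not a shell.
Host redhat-forward
        HostName 192.16.122.253
        User mto
        ProxyCommand ssh -W %h:%p -i /home/mto/.ssh/id_ed25519 mto@192.168.122.253

# Same routing with ProxyJump (OpenSSH 7.3 and later). The jump host gets its
# own stanza so that its identity file can be set there.
Host jump
        HostName 192.168.122.253
        User mto
        IdentityFile /home/mto/.ssh/id_ed25519

Host redhat-jump
        HostName 192.16.122.253
        User mto
        ProxyJump jump
```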

