[Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue May 23 06:17:20 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3574

            Bug ID: 3574
           Summary: ssh ignores AuthorizedPrincipalsCommand if
                    AuthorizedKeysCommand is also set
           Product: Portable OpenSSH
           Version: 9.3p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: code at themeyers.us

In OpenBSD Commit ID 9c4305631d20c2d194661504ce11e1f68b20d93e, the
sshd_config parser was switched to a newer tokenizer.  As a result of
this, a new bug was introduced that causes the parser to ignore
AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set.

To Reproduce
Set AuthorizedPrincipalsCommand and AuthorizedPrincipalsCommandUser to
a valid value in sshd_config.
Set AuthorizedKeysCommand and AuthorizedKeysCommandUser to a valid
value.  Suggest using a script that will touch a file to prove it was
executed.
Reload sshd and log in.
AuthorizedKeysCommand will not be executed.
Remove AuthorizedKeysCommand from the sshd_config and it will work.

Suggested patch is attached.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
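
A configuration-side check to go with the marker-file test in the report; this is an added example, not part of the original bug report or of OpenSSH. It compares the directives written in sshd_config with the effective values printed by `sshd -T`, and it assumes the ignored directive shows up there as `none`, which the report does not state. The sample config, sample dump and script paths are constructed.

```shell
#!/bin/sh
# Added example: flag directives written in sshd_config that the effective
# configuration (as printed by `sshd -T`) reports as unset.

# Print the value of keyword $1 from "keyword value" text on stdin.
# Keywords are case-insensitive and the first occurrence wins; Match blocks
# and the "keyword=value" spelling are not handled here.
directive_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }'
}

# Succeed (and print a finding) when keyword $1 has a value in the config
# text $2 but is "none" or missing in the effective dump $3.
dropped_directive() {
    want=$(printf '%s\n' "$2" | directive_value "$1")
    got=$(printf '%s\n' "$3" | directive_value "$1")
    { [ -n "$want" ] && [ "$want" != none ]; } || return 1
    case "$got" in
        ""|none)
            echo "DROPPED: $1 is '$want' in the file, '${got:-absent}' in effect"
            return 0 ;;
    esac
    return 1
}

# Constructed sample input; the script paths are hypothetical.
SAMPLE_CONFIG='# constructed sshd_config excerpt
AuthorizedKeysCommand /usr/local/bin/keys-marker.sh
AuthorizedKeysCommandUser nobody
AuthorizedPrincipalsCommand /usr/local/bin/principals-marker.sh
AuthorizedPrincipalsCommandUser nobody'

# Constructed dump in the lowercase "keyword value" form that sshd -T prints.
SAMPLE_EFFECTIVE='authorizedkeyscommand /usr/local/bin/keys-marker.sh
authorizedkeyscommanduser nobody
authorizedprincipalscommand none
authorizedprincipalscommanduser nobody'

for kw in AuthorizedKeysCommand AuthorizedPrincipalsCommand; do
    dropped_directive "$kw" "$SAMPLE_CONFIG" "$SAMPLE_EFFECTIVE" || true
done
# On a live host, as root (adjust the config path for your install):
#   dropped_directive AuthorizedPrincipalsCommand \
#       "$(cat /etc/ssh/sshd_config)" "$(sshd -T)"
```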

