[Bug 3574] New: ssh ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue May 23 06:17:20 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3574
Bug ID: 3574
Summary: ssh ignores AuthorizedPrincipalsCommand if
AuthorizedKeysCommand is also set
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: code at themeyers.us
In OpenBSD Commit ID 9c4305631d20c2d194661504ce11e1f68b20d93e
sshd_config parser was switched to a newer tokanizer. As a result of
this, a new bug was introduced that causes the parser to ignore
AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set.
To Reproduce
Set AuthorizedPrincipalsCommand and AuthorizedPrincipalsCommandUser to
a valid value in sshd_config.
Set AuthorizedKeysCommand and AuthorizedKeysCommandUser to a valid
value. Suggest using a script that will touch a file to prove it was
executed.
Reload sshd and login.
AuthprizedKeysCommand will not be executed.
Remove AuthorizedKeysCommand from the sshd_config and it will work.
Suggested patch is attached.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list