Additions to UPGRADING?

Sten stend+openssh at sten.org
Mon Jun 12 05:56:37 EST 2000


	In upgrading from ssh-1.1.25 to openssh-2.1.1p1, I've come
across a pair of incompatibilities not mentioned in the UPGRADING
list.  The first involves the authorized_keys file:

n. No un-quoted spaces are permitted in the options field of the
	authorized_keys file.

While this was documented as a restriction in F-Secure SSH, in
practice this was not enforced.  OpenSSH does enforce this
restriction.

	The second involves both the sshd_config and authorized_keys
files.  I encountered it with the authorized_keys file (as it made a
key unusable), and I haven't tested how the OpenSSH sshd reacts to
having the unavailable flags in sshd_config:

m. Options unavailable in sshd_options and authorized_keys.

The AccountExpireWarningDays, AllowForwardingPort, AllowForwardingTo,
AllowHosts, AllowSHosts, AllowTcpForwarding, DenyForwardingPort,
DenyForwardingTo, DenyHosts, DenySHosts, DenyTcpForwarding,
ForcedEmptyPasswdChange, ForcedPasswdChange, IdleTimeout,
IgnoreRootRhosts, PasswordExpireWarningDays, SilentDeny,
TISAuthentication, and Umask options are not available in sshd_options.
Similarly, the allowforwardingport, allowforwardingto,
denyforwardingport, and denyforwardingto options are not available in
authorized_keys.

-- 
#include <disclaimer.h>                               /* Sten Drescher */
"This is the *NIX version of the 'ILOVEYOU' worm.  It runs on the honor
system.  Forward this to everyone in your address book, and randomly delete
some of your files." - Unknown





More information about the openssh-unix-dev mailing list