weird behaviour of commands option : bug or not ?

Ben Lindstrom mouring at etoh.eviladmin.org
Tue Nov 26 03:43:24 EST 2002


I can't mimic this.

You have id_dsa.pub which is your public key and you have id_dsa which is
your private key.

if I do:

keygen -t dsa
echo -n "command=\"ls\""; cat id_dsa.pub >> authorized_keys
ssh localhost

works as it should, runs the command=""

rm id_dsa
ssh localhost

prompts for password and then drops me to a login prompt like it should.

- Ben

On Mon, 25 Nov 2002, Jean-Louis LY wrote:

> Hello
>
> I think I've found a bug but since no one replied to me on comp.security.ssh,
> I'll try my luck here.
> On my client, PreferredAuthentications is set to publickey,password.
> When using the commands option in authorized_keys file like
> command="ls" ssh-dss <key>... it is supposed to connect using the private key
> associated with <key>, perform ls and then quits.
> Until here everything is fine.
> Then I tried to delete the private key file associated to <key> on my client.
> Then if I connect, it asks for my password and once I'm logged in, it performs
> ls and quits again.
> So why does it still read the authorized_keys file since I deleted the key ?
> I looked into it a bit further and I found that the public key file on my
> client is the one messing up. If I rename it (by default, it is id_dsa.pub)
> then everything works fine (password authentication and then I'm logged in
> with a shell). It seems somehow that the public key file is read no matter
> what and compares it to the keys found in authorized_keys.
> So bug or not ?
>
> Thanks for your answers.
> ###########################################
>
> This message has been scanned by  Anti-Virus for Microsoft Exchange.
> ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿè¥éì²îž,ÿuëÿš)Ý®‹ÿ¢¸&j)bž	b²Øm¶Ÿÿÿ0þh§vº-þŠàþf¢–f§þX¬¶)ߣú)z{,‡û§‹Ý
>




More information about the openssh-unix-dev mailing list