ForceCommand - Subsystem
Ben Lindstrom
mouring at eviladmin.org
Fri Dec 21 10:06:21 EST 2007
This also effects the "command=" limitor for key authentication. Which
could become a security risk for folks expecting the current behavior.
Even at that I would expect "ForceCommand" to always come in play (could
be because it was documented states it would). It would be better to
have "ForceNonSubsystemCommandForNonKeyAuthentication" directive (not that
I would give up an evening coding that for submission =).
- Ben
On Thu, 20 Dec 2007, Wojtek Kupiec wrote:
> Hi All
>
> First of all apologize for my bad English – it is not my native language.
>
> I'm using ssh for my everyday work. And I have noticed strange behaviour in
> sshd daemon.
>
> In sshd_config file there is option ForceCommand, and if I'm making sftp
> connection it look like command is also executed, I receive error message and
> connection is lost. In my opinion ForceCommand should not be considered when
> subsystem is activated.
>
>
> I have made a patch (please see attached file) it will probably solve the
> problem.
>
>
> Best Regareds
>
> Wojak
>
>
>
More information about the openssh-unix-dev
mailing list