Re: sshd’s ForceCommand and ssh’s "–N Do not execute a remote command"

Damien Miller djm at mindrot.org
Tue Aug 2 04:22:21 EST 2011


No, our sshd can't refuse -N. Such a thing is hackish to implement (how
do you distinguish between a client that doesn't open a cmd/shell channel
from one that is merely slow in doing so? what about multiplexing?) and
mostly nonsensical too.


On Mon, 1 Aug 2011, Oleg Verych wrote:

> Hi,
> 
> 2011/7/29 Oleg Verych <olecom at gmail.com>:
> 
> > If `sshd` is configured to have a ForceCommand, no `ssh ?N` must skip
> > this *forced* server?s setup, isn?t it?
> >
> > But it isn?t so. Thus, admin may think that the command is forced by a server,
> > but user can skip that.
> >
> > In such case only port forwarding is available, but anyway *force* is
> > meaningless, IMHO.
> 
> there is more info about this, in case you don't know:
> ***
> Can server disallow -N option?
> http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ea54d720ca056c99/11a67bc5f2eac619
> ***
> ________
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 


More information about the openssh-unix-dev mailing list