Multiple forced commands being executed

Darren Tucker dtucker at zip.com.au
Tue Feb 1 21:45:11 EST 2011


On 1/02/11 8:52 PM, Oliver Beattie wrote:
> Hi,
>
> Sorry to post this here again, I already posted it in the users
> mailing list but haven't got very far. I really need to get this
> resolved ASAP, as it's causing a big security headache for us. If
> anyone can help that would be wonderful. The original thread is here:
> http://marc.info/?l=secure-shell&m=129562817820176&w=2
>
> I am having a very strange problem with SSH. Essentially, I'm using
> forced commands to restrict access based on public key (there are
> around 2000 public keys). It appears to work okay, but when I look at
> the ssh -v output I see that the client/server is actually executing
> all the forced commands for RSA keys (I am connecting with an RSA key)
> until it "hits" my key.
>
> Anyone have any idea why this is happening? I have no clue where to
> even look for hints as to what would cause this…

Do you actually see the command being executed?  Looking at the code, 
that output is just from the option parser, not the actual execution (in 
auth-options.c:auth_parse_options()).   The forced command that is 
actually executed gets logged on the server side as "Forced command (key 
option) " (at loglevel debug and above, in session.c).

If you are actually seeing the command executed multiple times, could 
you please post a small sample of the authorized_keys file (feel free to 
elide the actual keys).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list