Multiple forced commands being executed

Damien Miller djm at mindrot.org
Tue Feb 1 22:34:39 EST 2011


On Tue, 1 Feb 2011, Oliver Beattie wrote:

> Hi Darren,
> 
> Thanks so much for getting back to me. Yes, you're absolutely right,
> on the server only the "proper" command gets executed. However, it is
> a security problem for us to reveal all/many of the usernames that can
> potentially access these machine(s). Is there some way we can prevent
> this from being sent to the client?

The bug that caused the authorized_keys file to be parsed in this way
was fixed in openssh-5.6 (or possibly earlier). You should try the most
recent release (5.7)

-d


More information about the openssh-unix-dev mailing list