Multiple forced commands being executed
Damien Miller
djm at mindrot.org
Tue Feb 1 22:34:39 EST 2011
On Tue, 1 Feb 2011, Oliver Beattie wrote:
> Hi Darren,
>
> Thanks so much for getting back to me. Yes, you're absolutely right,
> on the server only the "proper" command gets executed. However, it is
> a security problem for us to reveal all/many of the usernames that can
> potentially access these machine(s). Is there some way we can prevent
> this from being sent to the client?
The bug that caused the authorized_keys file to be parsed in this way
was fixed in openssh-5.6 (or possibly earlier). You should try the most
recent release (5.7)
-d
More information about the openssh-unix-dev
mailing list