Invalid user name: function okname() in scp.c

[Reza Hedayat]

Hi Ángel

I just wanted to enquire if there is a chance that you will remove the 
hash sign (#) validation from the OpenSSH code base.

Even the attempt to escape the # character results in rejection of the 
complete command by SCP.
SSH client and SFTP work perfectly with # characters in user names, it 
is just SCP that rejects it.
On the server side there are IBM AS/400 systems having usernames 
containing # characters, which are completely valid, legal and 
commonplace on that platform.

Best wishes
Reza



On 03/07/12 10:34, Reza Hedayat wrote:
> Hi Ángel
>
> Thanks a lot for your quick answer.
> You're right, this use case is very rare, but unfortunately there 
> exist some cases. :(
>
> Cheers
> Reza
>
>
>
>
> On 03/06/12 19:40, Ángel González wrote:
>> On 06/03/12 18:57, Reza Hedayat wrote:
>>> Hi OpenSSH developers
>>>
>>> In the source file *scp.c* there is a function called *okname(char
>>> *cp0)* that validates the entered username by using the scp command as
>>> follows:
>>>
>>> ( Fragment scp.c skipped)
>>>
>>> Thereby, usernames that contain the hash sign (#) are rejected. Is
>>> there a good reason why this logic was introduced?
>>> If there is no reason, so is it possible to remove the mentioned
>>> case-statement?
>>>
>>> I thank you in advance for your help and remain with best wishes
>>> Reza Hedayat
>> It's trying to avoiod shell special characters (quotes, backticks,
>> spaces...). The # introduces a comment in the shell (would need
>> escaping), so that's surely the reason it's forbidden.
>> You could replace it if you were sure the username is never used 
>> unquoted.
>> Having a # in the user name is very rare, though.
>

-- 
AdNovum Informatik AG
Reza Hedayat, Software Engineer
Dipl. Informatik-Ing. FH

Roentgenstrasse 22, CH-8005 Zurich
mailto:reza.hedayat at adnovum.ch
phone: +41 44 272 6111, fax: +41 44 272 6312
http://www.adnovum.ch

AdNovum Locations: Bern, Budapest, Singapore, Zurich (HQ)