[Bug 2496] New: sshd hangs when using AuthorizedKeysCommand

bugzilla-daemon at bugzilla.mindrot.org
Tue Nov 17 22:09:27 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2496

            Bug ID: 2496
           Summary: sshd hangs when using AuthorizedKeysCommand
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: amd64
                OS: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: felicity at torchbox.com

Since upgrading to 7.1p1 on FreeBSD 10.2, sshd has started hanging when
using an AuthorizedKeysCommand.  This worked fine in 6.8.

Server configuration:

Match User git
        AuthorizedKeysCommand /usr/local/sbin/ssh-lookup-key-git

Relevant server debug output:

debug3: subprocess: AuthorizedKeysCommand command
"/usr/local/sbin/ssh-lookup-key-git git" running as sshkeys
debug3: subprocess: AuthorizedKeysCommand pid 86183
debug2: user_key_allowed: check options:
'command="/usr/local/git/bin/gitolite-shell
tom at torchbox.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
ssh-dss
AAAAB3NzaC1kc3MAAACBALtPYyEOw+gvvWvW45iTR7SAkdH8FIML+4SBFPeXBp4ntT0JaRrkaTwm2C2PkZUaOShvFHCcTc7muNBMB/qmLYuWAcbCeKoxv08RMruGheGp6BB/9sByGjPfHssYNk4qxCqHTL6ZRjPRgApV5qz+OP8cTNlT0YXi2WA5Ubact4DhAAAAFQC71JYAqRBN0URvJmmMF5TyBNePkQAAAIEAlkG+5H/NZsHjZK7Dxn9iCNjGxoB/zJQJ89aSZ+wPktJExkfbVEXtiuEC04qfJ3qCqw6uYX8fG3e9+mujrAfh/TUDMLZc8sq4WvV91HPe9CX4XUOcf0dXzV76OlKJ4oTe2CHSouZzOyCCgtDgT87B85yS+B/7fKWXbDYEQ45lMfgAAACBALLs4d0ii3i2hwtVeddkYrJ8lHXKQWCZOtff+fLVu+cFEw8lTAfmpke+saN6sX5O1EgOuJUHInwgE+HDdmk6l1vyNJhGxKCuI3qYG2LXOKLmEyiEBOlpkPELVJnvVNMcQrMTARjo8IsiM4AcXBufzhN8yIdJ1fDV4a4cTYVzdF7n
tom at tortoise.local'
[... output elided ...]
debug2: user_key_allowed: check options:
'command="/usr/local/git/bin/gitolite-shell
felicity at torchbox.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAyszt9jTA88Dz4SjVVevwgCKHY1GfS5hla0XatqtAWNI+9O5eXasbybB7UfHo5Y6FB8Xu7Snu1NAj/xVGKLlQ69cNT6YMaj3TC1TLfhK2pmHxWHXDUqffU5ZOE/C4VSdING8FateJ5E7oOw9152UKNRoI12Fsu9yzzUZnKm0+43kFg/XfGioGqagm4jAUNhwylqRulRxFWCpZLjEjJOiRI+6pgVK8+wsq5kpuwVe36k0wmHEPWhbGabNY1Uw6dkVWIz3pI1PtaAmmb4FZ6KLYFh6kO4u3M+uhPfj94mtJb3Yr5jPkOb/9DKhCaZqYLVm3cs7pyQZtN3oRkitjzJC34Q==
felicity at severance'
debug1: matching key found: file /usr/local/sbin/ssh-lookup-key-git,
line 15 RSA SHA256:LlC54jHl2i3IC3K8rSsRuvjkSIdcfhbyH1oq2e/9Uog

No output is printed after this, and the sshd server process hangs with
the authorized keys command still running.

A workaround appears to be having the command flush output after
printing every key, instead of buffering it as a single write; in this
case, since it's a Perl script, adding "$| = 1;" to disable buffering
makes things work as expected.

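One way to apply the workaround described in the report: a key-lookup helper that writes each key as its own line and flushes after every one. This is an added example in Python, not the reporter's Perl script and not OpenSSH code; the sample records, the field allowlists and the function names are constructed for illustration.

```python
import re
import sys

# Forced command and restrictions as they appear in the debug output above.
SHELL = "/usr/local/git/bin/gitolite-shell"
RESTRICTIONS = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"

# Assumed allowlists (not from the report): what may appear in each field.
SAFE_USER = re.compile(r"[A-Za-z0-9._@+-]+")
SAFE_BLOB = re.compile(r"[A-Za-z0-9+/]+={0,2}")
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

# Constructed records (user, key type, blob, comment); the blobs are not real keys.
# The second user name contains a quote and a space, so it must be rejected.
SAMPLE_KEYS = [
    ("alice@example.org", "ssh-ed25519", "AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONE", "alice@laptop"),
    ('carol" x', "ssh-ed25519", "AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYBAD", "carol"),
    ("bob@example.org", "ssh-rsa", "AAAAB3NzaC1yc2EAAAADAQABAAABEXAMPLEKEYTWO", "bob desktop"),
]


def key_line(user, ktype, blob, comment):
    """Return one authorized_keys line, or None if any field fails its allowlist."""
    if not (SAFE_USER.fullmatch(user) and SAFE_BLOB.fullmatch(blob) and ktype in KEY_TYPES):
        return None
    comment = re.sub(r"[^\x21-\x7e]", "_", comment)  # keep the comment one printable token
    return f'command="{SHELL} {user}",{RESTRICTIONS} {ktype} {blob} {comment}'


def emit_keys(records, out):
    """Write each valid key as its own line, flushing after every one; return the count."""
    written = 0
    for record in records:
        line = key_line(*record)
        if line is None:
            continue  # skip rather than emit a malformed options string
        try:
            out.write(line + "\n")
            out.flush()  # the report's workaround; Perl's "$| = 1;" has the same effect
        except BrokenPipeError:
            break  # the reader closed the pipe; stop writing
        written += 1
    return written


if __name__ == "__main__":
    emit_keys(SAMPLE_KEYS, sys.stdout)
```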