[Bug 3225] New: usernames and passwords aren't encoded to system locale

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Oct 27 20:05:54 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3225

            Bug ID: 3225
           Summary: usernames and passwords aren't encoded to system
                    locale
           Product: Portable OpenSSH
           Version: -current
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ossman at cendio.se

SSH uses UTF-8 on the wire for usernames and passwords, which means it
can handle pretty much anything. However to make use of those sshd
needs to pass them on to the system via NSS and PAM. Those APIs are
unfortunately poorly specified when it comes to encoding, but are
likely using the local system locale.

Unfortunately OpenSSH doesn't do any conversion, so effectively only
supporting systems with a UTF-8 locale.

This bug is severely mitigated by the fact that most people stick to
the ASCII subset for usernames and passwords, and that these days most
systems have a UTF-8 locale.

However this is not always the case so it would be nice if those users
could also use OpenSSH.


(the same bug is likely in the client when sending the data)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list