Possible issue with forced commands
Iain Morgan
imorgan at nas.nasa.gov
Thu Mar 12 07:39:07 EST 2009
Hi,
I noticed some behaviour recently that seems a bit odd. I have a
command-restricted public key that I use for checkouts from a local CVS
server. If I have the command-restricted key loaded into ssh-agent and
connect to the server, but authenticate via password rather than the key
(to get a login session) the forced command is still applied.
In other words, I get the ssh-askpass dialogue box asking if I want to
use the key and select 'Cancel.' I then get a password prompt and
successfully authenticate, but rather than getting a login shell I'm
apparently running the cvs command. If I don't have the key loaded, I'm
able to get a login session as expected.
Admittedly, the server is running an older version of OpenSSH (4.3p1)
and I have not verified that this behaviour exists with the current
version of OpenSSH, but it seems to me that the restriction should only
be applied if I actually used the key.
Any thoughts?
Thanks
--
Iain Morgan
P.S.: I'll try to test this against a more recent version shortly.
More information about the openssh-unix-dev
mailing list