Invalid user name: function okname() in scp.c
Ángel González
keisial at gmail.com
Wed Mar 7 05:40:46 EST 2012
On 06/03/12 18:57, Reza Hedayat wrote:
> Hi OpenSSH developers
>
> In the source file *scp.c* there is a function called *okname(char
> *cp0)* that validates the entered username by using the scp command as
> follows:
>
> ( Fragment scp.c skipped)
>
> Thereby, usernames that contain the hash sign (#) are rejected. Is
> there a good reason why this logic was introduced?
> If there is no reason, so is it possible to remove the mentioned
> case-statement?
>
> I thank you in advance for your help and remain with best wishes
> Reza Hedayat
It's trying to avoiod shell special characters (quotes, backticks,
spaces...). The # introduces a comment in the shell (would need
escaping), so that's surely the reason it's forbidden.
You could replace it if you were sure the username is never used unquoted.
Having a # in the user name is very rare, though.
More information about the openssh-unix-dev
mailing list