Bug#496547: openssh-server: command in authorize_keys not executed

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#496547: openssh-server: command in authorize_keys not executed
From: Frank Naumann <Frank.naumann@ifak.eu>
Date: Mon, 25 Aug 2008 17:59:18 +0200
Message-id: <20080825155918.32533.9613.reportbug@thor.ifak.eu>
Reply-to: Frank Naumann <Frank.naumann@ifak.eu>, 496547@bugs.debian.org

Package: openssh-server
Version: 1:4.3p2-9etch2
Severity: important


Starting from the recent openssh update the command as specified inside .ssh/authorized_keys isn't executed anymore. 
Instead I always get a shell. With other words,  the pub-key authorization works fine but instead to execute the 
command I always get an interactive session. This is very annyoing for me. It worked a long time with debian etch and 
my client system didn't changed and work fine to other ssh servers.

My .ssh/authorzed_keys config line:

command="nc foo 456",no-X11-forwarding,no-agent-forwarding,no-port-forwarding ssh-dss AAAAB3N...

If I connect the command is not executed. I get an interactive shell instead (e.g. the pubkey authorization works 
fine, so it's not an authorization issue; only the command is not executed).

I searched the manual pages up- and down but didn't found anything related to this.

This feature may also be used to restrict the ssh access (effectively raising a security hole if the client always 
get an interactive session).


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages openssh-server depends on:
ii  add 3.102                                Add and remove users and groups
ii  deb 1.5.11etch2                          Debian configuration management sy
ii  dpk 1.13.25                              package maintenance system for Deb
ii  lib 2.3.6.ds1-13etch7                    GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.4.4-7etch6                         MIT Kerberos runtime libraries
ii  lib 0.79-5                               Pluggable Authentication Modules f
ii  lib 0.79-5                               Runtime support for the PAM librar
ii  lib 0.79-5                               Pluggable Authentication Modules l
ii  lib 1.32-3                               SELinux shared libraries
ii  lib 0.9.8c-4etch3                        SSL shared libraries
ii  lib 7.6.dbs-13                           Wietse Venema's TCP wrappers libra
ii  ope 0.1.1                                list of blacklisted OpenSSH RSA an
ii  ope 1:4.3p2-9etch2                       Secure shell client, an rlogin/rsh
ii  zli 1:1.2.3-13                           compression library - runtime

openssh-server recommends no packages.

-- debconf information:
  ssh/vulnerable_host_keys:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
  ssh/disable_cr_auth: false

Reply to:

Prev by Date: Bug#496495: openssh-client: ssh-vulnkey "see manpage" message is unnecessary
Next by Date: Bug#313317: Workaround for this bug (openssh-server: PAM environment takes precedence over SendEnv)
Previous by thread: Processed: Re: Bug#496495: openssh-client: ssh-vulnkey "see manpage" message is unnecessary
Next by thread: Bug#313317: Workaround for this bug (openssh-server: PAM environment takes precedence over SendEnv)
Index(es):
- Date
- Thread