Bug#496547: openssh-server: command in authorize_keys not executed
Package: openssh-server
Version: 1:4.3p2-9etch2
Severity: important
Starting from the recent openssh update the command as specified inside .ssh/authorized_keys isn't executed anymore.
Instead I always get a shell. With other words, the pub-key authorization works fine but instead to execute the
command I always get an interactive session. This is very annyoing for me. It worked a long time with debian etch and
my client system didn't changed and work fine to other ssh servers.
My .ssh/authorzed_keys config line:
command="nc foo 456",no-X11-forwarding,no-agent-forwarding,no-port-forwarding ssh-dss AAAAB3N...
If I connect the command is not executed. I get an interactive shell instead (e.g. the pubkey authorization works
fine, so it's not an authorization issue; only the command is not executed).
I searched the manual pages up- and down but didn't found anything related to this.
This feature may also be used to restrict the ssh access (effectively raising a security hole if the client always
get an interactive session).
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages openssh-server depends on:
ii add 3.102 Add and remove users and groups
ii deb 1.5.11etch2 Debian configuration management sy
ii dpk 1.13.25 package maintenance system for Deb
ii lib 2.3.6.ds1-13etch7 GNU C Library: Shared libraries
ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii lib 1.4.4-7etch6 MIT Kerberos runtime libraries
ii lib 0.79-5 Pluggable Authentication Modules f
ii lib 0.79-5 Runtime support for the PAM librar
ii lib 0.79-5 Pluggable Authentication Modules l
ii lib 1.32-3 SELinux shared libraries
ii lib 0.9.8c-4etch3 SSL shared libraries
ii lib 7.6.dbs-13 Wietse Venema's TCP wrappers libra
ii ope 0.1.1 list of blacklisted OpenSSH RSA an
ii ope 1:4.3p2-9etch2 Secure shell client, an rlogin/rsh
ii zli 1:1.2.3-13 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/vulnerable_host_keys:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/encrypted_host_key_but_no_keygen:
ssh/disable_cr_auth: false
Reply to: