Bug#903474: marked as done (openssh-server: ~/.ssh/authorized_keys no longer accepts environment option with underscores in name)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 10 Jul 2018 15:38:26 +0000
with message-id <E1fcuig-0005gX-BX@fasolo.debian.org>
and subject line Bug#903474: fixed in openssh 1:7.7p1-3
has caused the Debian Bug report #903474,
regarding openssh-server: ~/.ssh/authorized_keys no longer accepts environment option with underscores in name
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
903474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903474
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: openssh-server: ~/.ssh/authorized_keys no longer accepts environment option with underscores in name
• From: Bas van Sisseren <bas@quarantainenet.nl>
• Date: Tue, 10 Jul 2018 14:15:33 +0200
• Message-id: <[🔎] 153122493345.2556.5731450251044074132.reportbug@ls-40.office.quarantainenet.nl>

Package: openssh-server
Version: 1:7.7p1-2
Severity: normal
Tags: upstream

Dear Maintainer,

The ~/.ssh/authorized_keys no longer accepts lines with an environment option where an
underscore is used in the environment name.

e.g.
environment="LC_ALL=C" ssh-rsa AAAA... my-public-key

This stricter checking is added in openssh 7.7. As a result of this stricter check, I am
no longer allowed to login with this key. Imho this is too restrictive and underscores
should be allowed.

The bug is fixed upstream here:
  https://bugzilla.mindrot.org/show_bug.cgi?id=2851


Best Regards,

Bas van Sisseren


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968), LANGUAGE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser                3.117
ii  debconf [debconf-2.0]  1.5.67
ii  dpkg                   1.19.0.5+b1
ii  libaudit1              1:2.8.3-1+b1
ii  libc6                  2.27-3
ii  libcom-err2            1.44.2-1
ii  libgssapi-krb5-2       1.16-2
ii  libkrb5-3              1.16-2
ii  libpam-modules         1.1.8-3.7
ii  libpam-runtime         1.1.8-3.7
ii  libpam0g               1.1.8-3.7
ii  libselinux1            2.8-1+b1
ii  libssl1.0.2            1.0.2o-1
ii  libsystemd0            239-5
ii  libwrap0               7.6.q-27
ii  lsb-base               9.20170808
ii  openssh-client         1:7.7p1-2
ii  openssh-sftp-server    1:7.7p1-2
ii  procps                 2:3.3.15-2
ii  ucf                    3.0038
ii  zlib1g                 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
pn  libpam-systemd  <none>
pn  ncurses-term    <none>
pn  xauth           <none>

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
  openssh-server/permit-root-login: true
  openssh-server/password-authentication: true

--- End Message ---

--- Begin Message ---

• To: 903474-close@bugs.debian.org
• Subject: Bug#903474: fixed in openssh 1:7.7p1-3
• From: Colin Watson <cjwatson@debian.org>
• Date: Tue, 10 Jul 2018 15:38:26 +0000
• Message-id: <E1fcuig-0005gX-BX@fasolo.debian.org>

Source: openssh
Source-Version: 1:7.7p1-3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 903474@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 10 Jul 2018 16:07:16 +0100
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.7p1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Closes: 903474
Changes:
 openssh (1:7.7p1-3) unstable; urgency=medium
 .
   [ Colin Watson ]
   * Adjust git-dpm tagging configuration.
   * Remove no-longer-used Lintian overrides from openssh-server and ssh.
   * Add Documentation keys to ssh-agent.service, ssh.service, and
     ssh@.service.
 .
   [ Juri Grabowski ]
   * Add rescue.target with ssh support.
 .
   [ Christian Ehrhardt ]
   * Fix unintentional restriction of authorized keys environment options
     to be alphanumeric (closes: #903474, LP: #1771011).
Checksums-Sha1:
 399b427dffbe5cb8f76cda7116e7c8daa0ea1989 3121 openssh_7.7p1-3.dsc
 0ed9fdb961fa204d286562abb9d86c47d65bb4c9 159700 openssh_7.7p1-3.debian.tar.xz
 0bf7bdf6dbfc099c9b99872799b5f183778b26db 14804 openssh_7.7p1-3_source.buildinfo
Checksums-Sha256:
 957be26e3c066cd6c5a36455b211afaa430b1817568e3ab4e9c832aac88234b7 3121 openssh_7.7p1-3.dsc
 160baec59cc0b3155ff9e75a18cc61d020ae2560545a24d69d0cfd097cf957f6 159700 openssh_7.7p1-3.debian.tar.xz
 4054ebe65a1855842813e9b93b435cb65c4cd149c22df9d0d2c9540be78f7840 14804 openssh_7.7p1-3_source.buildinfo
Files:
 1d7950bea6d4730b86a4d40cbf8f1a78 3121 net standard openssh_7.7p1-3.dsc
 0984593e1739ecf5edc916edbaf2ba24 159700 net standard openssh_7.7p1-3.debian.tar.xz
 ae109f67361a18ba3020b585ceb64c74 14804 net standard openssh_7.7p1-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAltEzFAACgkQOTWH2X2G
UAs9fBAApiebXo7hqCZPm/6k6bDfkiSJ6rWCmcfRva7vaIZa9j81aRLbBYlwr8p8
UExrB4FNDIgFAARZnlfPtoVtC6DAudIyfws5yJUXm/K6M6Ou8Nzlg+Ooyvj848eq
PQ8a5RO4uZNN0GOk1TxYH8/QzS8C2IJ8cm+t1roWP+mzfgq0aiBtdt37R89CNvGQ
MnI/aZA3Ie6+68bA16PYrTbDMOkggH/TZ++3bhpIsRYKwVlIgttaSu1UXuFWoaNo
2zJSLQDq78Tlr5iksqqIICJFcuQ1lDYTpf6cS9mJz1ViiWbOyr/BEKUPNEKpbsrw
ssjwQz2Wzy+5c0ueeU1ut+iffGcHLM6tgnDy4YfuLvBt94cNrogQ74NwCjoMF+C0
99ZCAgXvaDlju24+BxX5cOozHiKg88mUpGRr2rZKkfVjiisGkA15tr7J0Akmx0p7
/rXD109hf13PTMHsi0xD4Vk/YVG/GhKVUF/q8T/DD7YHf7I3uUFJPlw6b6XI6S9u
wBmrHice+E9Tf2QKGW7ultK1bobnfHY9JVSaxjYCNrpOagIE4lqH+iNnUCfSoLjS
G/4txslqdTmg5DqrPHJ8RGwBAyGBvybbVVwQRKFsxLPCebUHGy0rm9iPOo0nQgoR
AtSlefwejmQuzYCTwrcjZuQhT3wPFsligHSmK24zc1rl7eQjpRw=
=eSep
-----END PGP SIGNATURE-----

--- End Message ---