bugzilla-daemon at mindrot.org
2021-Nov-06 16:25 UTC
[Bug 3361] New: document that SessionType none prevents e.g. execution of authorized_keys’ command=
https://bugzilla.mindrot.org/show_bug.cgi?id=3361 Bug ID: 3361 Summary: document that SessionType none prevents e.g. execution of authorized_keys? command Product: Portable OpenSSH Version: 8.7p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org Reporter: calestyo at scientia.org Hey. It seems that when "SessionType none" one does not only get no interactive login (as the novice user might assume), but also any commands specified for execution on the remote side, like authorized_keys? command= feature aren't invoked. Perhaps it's worth to mention that briefly in the manpage. Cheers, Chris. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Nov-09 23:04 UTC
[Bug 3361] document that SessionType none prevents e.g. execution of authorized_keys’ command=
https://bugzilla.mindrot.org/show_bug.cgi?id=3361 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- This is the current description in the manpage:> SessionType > May be used to either request invocation of a subsystem on the > remote system, or to prevent the execution of a remote command at > all. The latter is useful for just forwarding ports. The argu? > ment to this keyword must be *none* (same as the -N option), > *subsystem* (same as the -s option) or *default* (shell or command > execution).IMO this is pretty clear already - the first sentence mentions the behaviour of blocking all shell/command execution and the third describes which does which. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Nov-09 23:09 UTC
[Bug 3361] document that SessionType none prevents e.g. execution of authorized_keys’ command=
https://bugzilla.mindrot.org/show_bug.cgi?id=3361 --- Comment #2 from Christoph Anton Mitterer <calestyo at scientia.org> --- Well, but you're a core OpenSSH developer, knowing the code at it's heart ;-) For an admin/end-user it may easily be not that obvious, given that the command is already specified on the server (and not via the client) and especially given that the connecting client has no choice in overriding that command. Anyway, was just a suggestion. Feel free to close if you think it's not necessary. Cheers, Chris. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.