bugzilla-daemon at mindrot.org
2006-Feb-22 05:40 UTC
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
Summary: %u and %h not handled in IdentityFile
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: imaging at math.ualberta.ca
Here is a patch to allow private key files to be placed system wide (for all
users) in a secure (non-NFS) mounted location on systems where home directories
are NFS mounted. This addresses an important security hole on systems where
home directories are NFS mounted, particularly if there are users who use blank
passphrases (or when lpd is tunneled through ssh on systems running lpd as user
lp) instead of ssh-agent. IdentityFile now accepts the same %u, %h, %% options
that AuthorizedKeysFile accepts (see man sshd). For example, one can specify a
user-dependent IdentityFile in ssh_config:
IdentityFile /ssh/%u/id_rsa
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-Feb-22 05:41 UTC
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
------- Comment #1 from imaging at math.ualberta.ca 2006-02-22 16:41 -------
Created an attachment (id=1076)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1076&action=view)
User-dependent IdentityFile portable version
bugzilla-daemon at mindrot.org
2006-Feb-22 05:42 UTC
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
------- Comment #2 from imaging at math.ualberta.ca 2006-02-22 16:42 -------
Created an attachment (id=1077)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1077&action=view)
User-dependent IdentityFile OpenBSD version
bugzilla-daemon at mindrot.org
2006-Feb-22 05:44 UTC
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
imaging at math.ualberta.ca changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |imaging at math.ualberta.ca
bugzilla-daemon at mindrot.org
2006-Feb-26 01:49 UTC
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1077 Flag| |ok-
------- Comment #3 from djm at mindrot.org 2006-02-26 12:49 -------
(From update of attachment 1077)
>diff -ru ssh/ssh-keygen.c sshJ/ssh-keygen.c
>--- ssh/ssh-keygen.c 2005-11-28 19:04:55.000000000 -0700
>+++ sshJ/ssh-keygen.c 2006-02-21 15:52:36.000000000 -0700
...
>+ /* Read systemwide configuration file after user config. */
>+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, hostname,
&options, 0);
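Review bot: the (void) cast in the ssh-keygen.c hunk throws away read_config_file()'s return value, so a missing or unparsable system-wide ssh_config would be silently ignored by ssh-keygen rather than reported; if this call stays, check the result and at least warn. The comment "after user config" also implies an ordering (user settings taking precedence over the system file) that this hunk alone does not show, so that precedence should be confirmed or the comment adjusted.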
I don't think we want the other tools to depend on ssh_config.
>--- ssh/ssh.c 2005-12-19 21:41:07.000000000 -0700
>+++ sshJ/ssh.c 2006-02-21 15:52:36.000000000 -0700
...
> for (; i < options.num_identity_files; i++) {
> filename = tilde_expand_filename(options.identity_files[i],
> original_real_uid);
>+ filename = percent_expand(filename, "h", pw->pw_dir,
>+ "u", pw->pw_name, (char *)NULL);
> public = key_load_public(filename, NULL);
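Review bot: in the ssh.c hunk, `filename = percent_expand(filename, ...)` overwrites the pointer that tilde_expand_filename() just returned without freeing it, so the tilde-expanded copy leaks once per identity file; hold it in a temporary and free it (xfree() in OpenSSH) after percent_expand() returns. Separately, `"h", pw->pw_dir` binds %h to the home directory, whereas %h already means the remote host in the client's ControlPath and ProxyCommand expansions (see the table in comment #5), so the same token would carry two meanings in one ssh_config; a distinct token for the home directory avoids that.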
This leaks memory. Also, I think it would be better to have:
%u -> user
%h -> local hostname
%d -> home directory
I'll attach a revised patch
bugzilla-daemon at mindrot.org
2006-Feb-26 01:53 UTC
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1076 is obsolete|0 |1
Attachment #1077 is obsolete|0 |1
------- Comment #4 from djm at mindrot.org 2006-02-26 12:53 -------
Created an attachment (id=1083)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1083&action=view)
Revised diff
This diff fixes the memory leak and uses the mnemonics from Comment #3.
Note that the diff doesn't touch ssh-keygen.
bugzilla-daemon at mindrot.org
2006-Feb-26 06:15 UTC
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
------- Comment #5 from dtucker at zip.com.au 2006-02-26 17:15 -------
(In reply to comment #3)
> Also, I think it would be better to have:
>
> %u -> user
> %h -> local hostname
> %d -> home directory

The current uses of percent_expand() are, with this proposal at the bottom:

                 ClHost  ClUser  SrvHost  SrvUser  SrvPort  Homedir
authorized_keys                           %u                %h
ControlPath      %l              %h       %r       %p
ProxyCommand                     %h                %p
IdentityFile     %h      %u                                 %d

To keep the client-side consistent, those could be:

%u -> local user
%l -> local hostname
%d -> home directory

The following might also be useful:

%h -> remote host
%r -> remote username
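As an added example (not code from this bug, from either attached patch, or from OpenSSH itself): a stand-alone C re-implementation of the two-step expansion discussed in comments #3 and #5, tilde expansion of the IdentityFile pattern followed by percent-token expansion with the token set proposed above (%u local user, %l local hostname, %d home directory, %h remote host, %r remote user, %% literal percent), written so that the intermediate string is freed, which is the leak pointed out in comment #3. It goes slightly beyond the thread by also rejecting an unknown token or a trailing lone '%'. The struct name ssh_ctx, the function names and the sample values are assumptions made for this example; OpenSSH's real percent_expand() takes a variadic key/value list and calls fatal() on an unknown token, where this version returns NULL.

```c
/* Added example, not OpenSSH's code; every name here is an assumption. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ssh_ctx {              /* in ssh(1): from getpwuid(), gethostname(), options */
    const char *local_user;   /* %u */
    const char *local_host;   /* %l */
    const char *home_dir;     /* %d, and the target of a leading "~" */
    const char *remote_host;  /* %h */
    const char *remote_user;  /* %r */
};

static const struct ssh_ctx sample_ctx = {   /* constructed sample values */
    "alice", "ws01", "/home/alice", "bastion", "deploy"
};

/* Step 1: "~" or "~/x" -> "<home>" or "<home>/x"; anything else is copied. */
static char *tilde_expand(const char *path, const char *home)
{
    int tilde = path[0] == '~' && (path[1] == '/' || path[1] == '\0');
    const char *prefix = tilde ? home : "";
    const char *rest = tilde ? path + 1 : path;
    size_t plen = strlen(prefix);
    char *out = malloc(plen + strlen(rest) + 1);
    if (out == NULL) return NULL;
    memcpy(out, prefix, plen);
    memcpy(out + plen, rest, strlen(rest) + 1);
    return out;
}

/* Token table from comment #5; NULL for an unknown token or a lone '%'. */
static const char *token_value(int tok, const struct ssh_ctx *c)
{
    switch (tok) {
    case '%': return "%";
    case 'u': return c->local_user;
    case 'l': return c->local_host;
    case 'd': return c->home_dir;
    case 'h': return c->remote_host;
    case 'r': return c->remote_user;
    default:  return NULL;
    }
}

/* Step 2: pass 1 validates every token and sizes the result, pass 2 fills
 * it. A bad token yields NULL (OpenSSH's percent_expand() calls fatal()),
 * so a typo never silently turns into a literal key path. */
static char *percent_expand_ctx(const char *s, const struct ssh_ctx *c)
{
    size_t need = 1;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%') { need++; continue; }
        const char *v = token_value(*++p, c);
        if (v == NULL)
            return NULL;
        need += strlen(v);
    }
    char *out = malloc(need), *o = out;
    if (out == NULL)
        return NULL;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%') { *o++ = *p; continue; }
        const char *v = token_value(*++p, c);   /* validated in pass 1 */
        memcpy(o, v, strlen(v));
        o += strlen(v);
    }
    *o = '\0';
    return out;
}

/* Both steps; the intermediate is freed, which the first patch omitted. */
char *expand_identity_file(const char *pattern, const struct ssh_ctx *c)
{
    char *tilded = tilde_expand(pattern, c->home_dir);
    char *out = tilded ? percent_expand_ctx(tilded, c) : NULL;
    free(tilded);
    return out;
}

/* 1 if pattern expands to expected; expected NULL means "rejected". */
int check_expansion(const char *pattern, const char *expected)
{
    char *r = expand_identity_file(pattern, &sample_ctx);
    int ok = r ? (expected != NULL && strcmp(r, expected) == 0) : (expected == NULL);
    free(r);
    return ok;
}

int main(void)
{
    const char *pats[] = { "/ssh/%u/id_rsa", "~/.ssh/id_%l", "%d/.ssh/%r@%h", "100%%/%x" };
    for (size_t i = 0; i < 4; i++) {
        char *r = expand_identity_file(pats[i], &sample_ctx);
        printf("%-16s -> %s\n", pats[i], r ? r : "(rejected)");
        free(r);
    }
    return 0;
}
```

Run as-is it prints the four expansions, the last one rejected: with the sample context "/ssh/%u/id_rsa" becomes /ssh/alice/id_rsa, the form the bug report suggests for a non-NFS system-wide key location, and "100%%/%x" is refused because of the unknown %x. Refusing rather than passing the pattern through matters here because the result names a private key file, and a silently mis-expanded path would either fail to find the key or open the wrong file.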
bugzilla-daemon at mindrot.org
2006-Mar-12 04:47 UTC
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1083 is obsolete|0 |1
------- Comment #6 from djm at mindrot.org 2006-03-12 15:47 -------
Created an attachment (id=1097)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1097&action=view)
Improved diff, with dtucker's suggestions
Good points Darren, revised diff attached.
bugzilla-daemon at mindrot.org
2006-Mar-12 05:06 UTC
[Bug 1159] %u and %h not handled in IdentityFile
http://bugzilla.mindrot.org/show_bug.cgi?id=1159
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jprondak at visualmedia.com
------- Comment #7 from djm at mindrot.org 2006-03-12 16:06 -------
*** Bug 95 has been marked as a duplicate of this bug. ***