similar to: Subsystem sftp invoked even though forced command created

This is a new branch of an old thread, made necessary because the email system here purges sent messages after a period of time so I can't reply to the last message in the thread. The operative portion of that last message (retrieved from the archives and dated July 3, 2023) follows: /*****/ So I set up a fresh key to use for this test, and gave it similar parameters. I wasn't aware of

On 05.07.23 02:50, Damien Miller wrote: > Some possibilities: > 1. the receive.ksh script is faulty in some way that causes it to invoke > sftp-server How would the script even *know* that the client requested the SFTP subsystem? Is a subsystem's executable/path, supposedly internally overwritten with the forced command at that point, exposed through $SSH_ORIGINAL_COMMAND ?

On 06.07.23 23:37, MCMANUS, MICHAEL P wrote:> So changing the forced command as stated will break the application. I > would need to create a test bed to simulate the listener rather than > use the server as is, where is. That may produce false or misleading > results. Since the forced command is tied to the specific keypair in the authorized_keys, you could -- test with a different

On 05.07.23 18:01, MCMANUS, MICHAEL P wrote: > It appears the forced command either does not run or runs to completion > and exits immediately, as there is no process named "receive.ksh" in > the process tree. FWIW, two cents of mine: -- The script *exiting* should *not* prompt sshd to execute the requested subsystem "as a second thought", or else it'd happen

On 30.06.23 17:56, MCMANUS, MICHAEL P wrote: > The actual command is similar to the following (parameters inserted to protect the source): > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \ > ssh -Ti ${EmbeddedPrivateKey} \ > -o HostKeyAlias="${Alias}" \ > -o

On Mon, 3 Jul 2023, Jochen Bern wrote: > On 30.06.23 17:56, MCMANUS, MICHAEL P wrote: > > The actual command is similar to the following (parameters inserted to > > protect the source): > > (print ${FQDN} ; print ${Environment} ; cat ${OutFileXML}) | \ > > ssh -Ti ${EmbeddedPrivateKey} \ > > -o HostKeyAlias="${Alias}" \

On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"

Hello! A couple of days ago I submitted the problem report shown below to the support forum for WinSCP. I got a reply (shown at the end of this e-mail) saying that this in part was a WinSCP problem, but also that there appeared to be something wrong with the replies from OpenSSH-3.9p1 under AIX 4.3.3. The full dialog including the reply can be seen at

On 12.11.23 03:52, Damien Miller wrote: > On Sat, 11 Nov 2023, Bob Proulx wrote: > >> I am supporting a site that allows members to upload release files. I >> have inherited this site which was previously existing. The goal is >> to allow members to file transfer to and from their project area for >> release distribution but not to allow general shell access and not

http://bugzilla.mindrot.org/show_bug.cgi?id=637 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WONTFIX ------- Comment #12 from djm at mindrot.org 2005-11-06 03:51 -------

i just noticed that the env. variable SSH_ORIGINAL_COMMAND is no more set if there is no forced command. was there a reason to do so? Background: I'm using a wrapper that can be used as forced command and as shell. (most of the time as forced command, but now I had a task where it had to be used as shell) The wrapper currently only gets its parameters by parsing the SSH_ORIGINAL_COMMAND

http://bugzilla.mindrot.org/show_bug.cgi?id=934 ------- Additional Comments From opensshbugzilla at prikryl.cz 2005-01-10 03:38 ------- Hello, I'm author of the metioned SFTP client (WinSCP). I have been just experimenting with this issue. For me realpath does succeed on OpenSSH server on Linux (shell.sourceforge.net). With OpenSSH client (sftp) I'm able to enter the

Hi, Currently the openssh sftp-server only supports sftp protocol version 3, and unless I am mistaken there are no plans to support newer versions of this protocol. The encoding of the filenames for this protocol version is unspecified, so there is no reliable way for an sftp client to detect the encoding of the filenames. To solve this problem, I am proposing here a new sftp extension to

Hi, Currently the openssh sftp-server only supports sftp protocol version 3, and unless I am mistaken there are no plans to support newer versions of this protocol. The encoding of the filenames for this protocol version is unspecified, so there is no reliable way for an sftp client to detect the encoding of the filenames. To solve this problem, I am proposing here a new sftp extension to allow

http://bugzilla.mindrot.org/show_bug.cgi?id=861 Summary: Swapped parameters of SSH_FXP_SYMLINK packet of SFTP protocol Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo:

Hi everyone I would like to enable unprivileged users to share only certain directories using SFTP without acquiring root, without setting capabilities using public-key-based forced commands. In another use case unprivileged users could write scripts that evaluate "$SSH_ORIGINAL_COMMAND" and then either execute sftp-server in a jail "$SSH_ORIGINAL_COMMAND" after

Hi Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to know if it might be possible to access it in the AuthorizedKeysCommand context (via env ?). Is this possible ? can anybody give me advice on going into this ? If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics information to the AuthorizedKeysCommand script. Currently, the only alternative

On Sat, 11 Nov 2023, Bob Proulx wrote: > I am supporting a site that allows members to upload release files. I > have inherited this site which was previously existing. The goal is > to allow members to file transfer to and from their project area for > release distribution but not to allow general shell access and not to > allow access to other parts of the system. > >

https://bugzilla.mindrot.org/show_bug.cgi?id=2253 Bug ID: 2253 Summary: No "$@"-like SSH_ORIGINAL_COMMAND leads to escaping, arg-sep and metachar issues Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

How do I get WinSCP running? Installed different versions (AppDB gold) What does the error mean? How can I fix it? Abort on netapi32.dll.NetUseGetInfo & NetUserGetGroups. Thx, Pieter log.txt: fixme:mixer:ALSA_MixerInit No master control found on HDA ATI HDMI, disabling mixer fixme:mpr:WNetGetConnectionW Don't know how to convert L"\\media\\rumba" to an unc wine: Call from