You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Cong-Xin Qiu (JIRA)" <ji...@apache.org> on 2018/01/29 22:40:00 UTC

[jira] [Commented] (SSHD-796) AuthorizedKeyEntry parses `loginOptions` in a wrong way

    [ https://issues.apache.org/jira/browse/SSHD-796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16344133#comment-16344133 ] 

Cong-Xin Qiu commented on SSHD-796:
-----------------------------------

You may want to refer to this page:

[http://man.openbsd.org/sshd.8#AUTHORIZED_KEYS_FILE_FORMAT]

It gives a more complete set of possible `authorized_keys` file format compare to the wikibook one you said in the comment of your code:
{code:java}
# Comments allowed at start of line 
ssh-rsa AAAAB3Nza...LiPk== user@example.net 
from="*.sales.example.net,!pc.sales.example.net" ssh-rsa 
AAAAB2...19Q== john@example.net 
command="dump /home",no-pty,no-port-forwarding ssh-dss 
AAAAC3...51R== example.net 
permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss 
AAAAB5...21S== 
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== 
jane@example.net 
restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== 
user@example.net 
restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== 
user@example.net
{code}

> AuthorizedKeyEntry parses `loginOptions` in a wrong way
> -------------------------------------------------------
>
>                 Key: SSHD-796
>                 URL: https://issues.apache.org/jira/browse/SSHD-796
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.7.0
>         Environment: Ubuntu 16.04
> openjdk version "1.8.0_151"
>            Reporter: Cong-Xin Qiu
>            Priority: Major
>         Attachments: ApacheMinaSshdTest.java
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> For `.ssh/authorized_keys` to have forced commands, sometimes AuthorizedKeyEntry parses it in the wrong way.
> For
> {code:java}
> command="./an-executable-script-without-arguments.sh",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3N...
> {code}
> AuthorizedKeyEntry.getLoginOptions gives Map<String,String> with value
> {code:java}
> command            ./an-executable-script-without-arguments.sh
> no-agent-forwarding            true
> no-port-forwarding            true
> no-pty            true
> no-x11-forwarding            true
> {code}
> which is correct.
> But for forced commands with arguments
> {code:java}
> command="./an-executable-script.sh arg1 arg2",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3N...
> {code}
> It gives
> {code:java}
> command            "./an-executable-script.sh
> {code}
> Which is wrong.
> It seems skip the blank space, so missed all following options. And it also didn't remove the quotation mark.
> Maybe there is some parsing error in here.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)