You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Cong-Xin Qiu (JIRA)" <ji...@apache.org> on 2018/01/29 22:40:00 UTC
[jira] [Commented] (SSHD-796) AuthorizedKeyEntry parses
`loginOptions` in a wrong way
[ https://issues.apache.org/jira/browse/SSHD-796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16344133#comment-16344133 ]
Cong-Xin Qiu commented on SSHD-796:
-----------------------------------
You may want to refer to this page:
[http://man.openbsd.org/sshd.8#AUTHORIZED_KEYS_FILE_FORMAT]
It gives a more complete set of possible `authorized_keys` file format compare to the wikibook one you said in the comment of your code:
{code:java}
# Comments allowed at start of line
ssh-rsa AAAAB3Nza...LiPk== user@example.net
from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
AAAAB2...19Q== john@example.net
command="dump /home",no-pty,no-port-forwarding ssh-dss
AAAAC3...51R== example.net
permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
AAAAB5...21S==
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
jane@example.net
restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
user@example.net
restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
user@example.net
{code}
> AuthorizedKeyEntry parses `loginOptions` in a wrong way
> -------------------------------------------------------
>
> Key: SSHD-796
> URL: https://issues.apache.org/jira/browse/SSHD-796
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.7.0
> Environment: Ubuntu 16.04
> openjdk version "1.8.0_151"
> Reporter: Cong-Xin Qiu
> Priority: Major
> Attachments: ApacheMinaSshdTest.java
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> For `.ssh/authorized_keys` to have forced commands, sometimes AuthorizedKeyEntry parses it in the wrong way.
> For
> {code:java}
> command="./an-executable-script-without-arguments.sh",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3N...
> {code}
> AuthorizedKeyEntry.getLoginOptions gives Map<String,String> with value
> {code:java}
> command ./an-executable-script-without-arguments.sh
> no-agent-forwarding true
> no-port-forwarding true
> no-pty true
> no-x11-forwarding true
> {code}
> which is correct.
> But for forced commands with arguments
> {code:java}
> command="./an-executable-script.sh arg1 arg2",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3N...
> {code}
> It gives
> {code:java}
> command "./an-executable-script.sh
> {code}
> Which is wrong.
> It seems skip the blank space, so missed all following options. And it also didn't remove the quotation mark.
> Maybe there is some parsing error in here.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)