Bug 27080

Summary: sshd may mis-parse the authorized_keys file
Product: Base System Reporter: Mikhail T. <freebsd-2024>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description Mikhail T. 2001-05-04 17:30:00 UTC 
	I have some keys in the authorized_keys file with some limitational
	flags:
	no-pty,no-port-forwarding,no-agent-forwarding 1024 35 ..key...

	If add another key _after_ this one, the flags seem to apply to it
	too, even though its line does not have them. no-pty is the most
	noticable one.

Fix: 

Make sure the keys with the special flags are at the bottom of
	the file. Not a complete work-around, since the flags may be
	mixed for different keys.
How-To-Repeat: 
	Put a couple of keys with no-pty,no-port-forwarding and
	no-agent-forwarding flags in front of your regular keys.
	See, if you can still login normally.
Comment 1 Kris Kennaway 2001-05-06 06:31:00 UTC 
On Fri, May 04, 2001 at 12:24:35PM -0400, Mikhail Teterin wrote:

> 	I have some keys in the authorized_keys file with some limitational
> 	flags:
> 	no-pty,no-port-forwarding,no-agent-forwarding 1024 35 ..key...
> 
> 	If add another key _after_ this one, the flags seem to apply to it
> 	too, even though its line does not have them. no-pty is the most
> 	noticable one.


Could you bring this up with the OpenSSH developers, please?  OpenSSH
isn't developed separately in FreeBSD except for a few local changes.

Kris
Comment 2 Kris Kennaway 2001-07-13 00:48:33 UTC 
Please take this up with the OpenSSH developers.  Thanks.

Kris

On Fri, May 04, 2001 at 12:24:35PM -0400, Mikhail Teterin wrote:
> 
> >Number:         27080
> >Category:       bin
> >Synopsis:       sshd may mis-parse the authorized_keys file
> >Confidential:   no
> >Severity:       serious
> >Priority:       medium
> >Responsible:    freebsd-bugs
> >State:          open
> >Quarter:        
> >Keywords:       
> >Date-Required:
> >Class:          sw-bug
> >Submitter-Id:   current-users
> >Arrival-Date:   Fri May 04 09:30:00 PDT 2001
> >Closed-Date:
> >Last-Modified:
> >Originator:     Mikhail Teterin
> >Release:        FreeBSD 4.3-BETA i386
> >Organization:
> Virtual Estates, Inc.
> >Environment:
> FreeBSD raidbox.privatelabs.com 4.3-BETA FreeBSD 4.3-BETA #0: Tue Apr 10 20:30:55 EDT 2001     mi@minime.privatelabs.com:/raid/src/sys/compile/RAIDBOX  i386
> 
> >Description:
> 
> 	I have some keys in the authorized_keys file with some limitational
> 	flags:
> 	no-pty,no-port-forwarding,no-agent-forwarding 1024 35 ..key...
> 
> 	If add another key _after_ this one, the flags seem to apply to it
> 	too, even though its line does not have them. no-pty is the most
> 	noticable one.
> 
> >How-To-Repeat:
> 
> 	Put a couple of keys with no-pty,no-port-forwarding and
> 	no-agent-forwarding flags in front of your regular keys.
> 	See, if you can still login normally.
> 
> >Fix:
> 
> 	Make sure the keys with the special flags are at the bottom of
> 	the file. Not a complete work-around, since the flags may be
> 	mixed for different keys.
> >Release-Note:
> >Audit-Trail:
> >Unformatted:
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-bugs" in the body of the message
Comment 3 Kris Kennaway freebsd_committer freebsd_triage 2001-07-13 00:48:37 UTC 
State Changed
From-To: open->closed

FreeBSD does not maintain OpenSSH separately to the main 
development effort.  Please submit your bug report there.