touch-packages team mailing list archive

Thread
Date
[Bug 161047] Re: ssh server forces a command when it should not

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Simon Déziel <161047@xxxxxxxxxxxxxxxxxx>
Date: Wed, 17 Sep 2014 20:23:55 -0000
Reply-to: Bug 161047 <161047@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
>From https://bugzilla.mindrot.org/show_bug.cgi?id=1472#c3:

  Mass update RESOLVED->CLOSED after release of openssh-5.1

And Ubuntu ships version >=5.1+ since at least Precise.

** Changed in: openssh (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/161047

Title:
  ssh server forces a command when it should not

Status in Portable OpenSSH:
  Fix Released
Status in “openssh” package in Ubuntu:
  Fix Released

Bug description:
  When logging in on my home server I find it impossible to maintain
  both publickey and passphrase authentication. This has started
  happening recently, so I suspect an update might be responsible.

  Set-up:
  The user is set up to accept both publickey and password authentication in this order (the usual set-up). The authorized hosts looks like this (basically to allow only access to the repository and nothing more):
  command="svnserver -t --tunnel-user=user",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAA...Q==...

  The password login is left unrestricted.

  Symptoms:
  When connecting and having the key in the ~/.ssh/ directory, the client sends a notification (?) to the server about the key and it is taken as though it should succeed:

  OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
  ...
  debug1: Connection established.
  debug1: identity file /home/user/.ssh/identity type -1
  debug1: identity file /home/user/.ssh/id_rsa type 1
  debug1: identity file /home/user/.ssh/id_dsa type 2
  debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1 Debian-5build1
  debug1: match: OpenSSH_4.6p1 Debian-5build1 pat OpenSSH*
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1
  ...
  debug1: Authentications that can continue: publickey,password
  debug1: Trying private key: /home/user/.ssh/identity
  --> debug1: Offering public key: /home/user/.ssh/id_rsa
  --> debug1: Remote: Forced command: svnserver -t --tunnel-user=user
  debug1: Remote: Port forwarding disabled.
  debug1: Remote: Agent forwarding disabled.
  debug1: Remote: X11 forwarding disabled.
  debug1: Remote: Pty allocation disabled.
  debug1: Server accepts key: pkalg ssh-rsa blen 277
  --> debug1: PEM_read_PrivateKey failed
  debug1: read PEM private key done: type <unknown>
  Enter passphrase for key '/home/user/.ssh/id_rsa': 
  debug1: Next authentication method: password
  user@localhost's password: 
  debug1: Authentication succeeded (password).
  debug1: channel 0: new [client-session]
  debug1: Entering interactive session.
  debug1: Sending environment.
  debug1: Sending env LANG = cs_CZ.UTF-8
  ...here the svnserver takes over

  does anyone have a clue what to try?

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/161047/+subscriptions