openssh sshd authorized_keys wrong command= (stateful value?)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssh (Ubuntu) | Won't Fix | Undecided | Unassigned | |
Bug Description
$HOME/.
The wrong value for 'command=' is used when there are multiple lines that use a command.
Version is fresh install of Ubuntu 8.10 Intrepid and its OpenSSH package OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007.
HERE IS A TEST-DEMO SCRIPT... filename "sshd-bug.sh" BEGIN cut-n-paste
#!/bin/bash
NAME=${1:-TEST}
KEY_NAME=
echo NAME=$NAME
echo KEY_NAME=$KEY_NAME
rm -f $KEY_NAME*
ssh-keygen -t rsa -f "$KEY_NAME" -N ""
cp -p $KEY_NAME.pub $KEY_NAME.pub.raw
echo command=\"echo HELLO: NAME=$NAME\" `cat $KEY_NAME.pub.raw` > $KEY_NAME.pub
cat $HOME/.
echo ssh -t -i "$KEY_NAME" localhost
ssh -t -i "$KEY_NAME" localhost
exit
END cut-n-paste
Execute this "sshd-bug.sh" script WITHIN AN XTERM as follows...
sshd-bug.sh TEST1
This "SHOULD" print something like this (unless the "command="
stateful bug has already bitten you)
...
ssh -t -i /home/randy/
HELLO: NAME=TEST1
Manually executing the ssh command "SHOULD" print the TEST1 again, i.e.
ssh -t -i /home/randy/
HELLO: NAME=TEST1
Now, do the same thing for TEST2
sshd-bug.sh TEST2
This "SHOULD" print something like this...
...
ssh -t -i /home/randy/
HELLO: NAME=TEST2
Manually execute the ssh again "SHOULD" print the TEST2 thing, i.e.
ssh -t -i /home/randy/
HELLO: NAME=TEST2
NOW HERE IS THE PROBLEM...
try manually executing ssh for TEST1 again..., i.e.
ssh -t -i /home/randy/
HELLO: NAME=TEST2
Executing TEST1 will echo TEST2 (instead of TEST1).
Ouch!!!
Try this same sequence for TEST3, TEST4, ...
The echo command for the LAST tunnel that was created will be used,
instead of the tunnel for the one explicitly referenced by "-i $HOME/.
MORE CRAZY THINGS THAT I TRIED...
stop the sshd service
verify that it is shut down by trying an ssh command
start the sshd service again
try the ssh commands again
Notice that the "command=" state is remembered.
sshd did NOT forget...
Did something in my environment change?
env | sort > env-save1
do some ssh stuff, perhaps even sshd-bug.sh
env | sort > env-save2
diff env-save1 env-save2
Nothing important changes !!!
NOW FOR THE TRULY BIZARRE...
Switch to a primitive Linux console mode, i.e.
<ctrl>+<alt>+F3
login and execute ssh manually, i.e.
ssh -t -i /home/randy/
ssh -t -i /home/randy/
ssh -t -i /home/randy/
The CORRECT value is echoed !!!
TEST1 echoes TEST1
TEST2 echoes TEST2
etc.
CAN ANYONE ELSE REPRODUCE THIS ?
Have I completely lost my mind???
Thanks
Randy
I cannot reproduce this on Intrepid or Jaunty. Is connection sharing enabled?
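
The report above turns on which authorized_keys line, and so which command= value, sshd applies to a given key. As an added example (not part of the bug report or of OpenSSH), the following Python code maps each key's SHA256 fingerprint to its forced command, handling quoted values with spaces, commas and escaped quotes. The sample keys are constructed placeholder bytes and all function names are hypothetical.

```python
import base64, hashlib

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting with one of these has no options

def unquoted_index(text, stops, start=0):
    """Index of the first char from `stops` outside double quotes, else len(text)."""
    in_quote, i = False, start
    while i < len(text):
        if in_quote and text[i:i + 2] == '\\"':
            i += 1  # skip the backslash; the escaped quote is skipped below
        elif text[i] == '"':
            in_quote = not in_quote
        elif text[i] in stops and not in_quote:
            return i
        i += 1
    return len(text)

def forced_command(opts):
    """Return the command="..." value of an options field, or None."""
    pos = 0
    while pos < len(opts):
        end = unquoted_index(opts, ",", pos)
        name, _, value = opts[pos:end].partition("=")
        if name.lower() == "command":
            return value[1:-1].replace('\\"', '"')  # strip quotes, unescape
        pos = end + 1
    return None

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by current ssh-keygen -l."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def command_by_key(text):
    """Map each key's fingerprint to its forced command (None if absent)."""
    result = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        end = 0 if line.startswith(KEY_PREFIXES) else unquoted_index(line, " \t")
        result[fingerprint(line[end:].split()[1])] = forced_command(line[:end])
    return result

def fake_blob(name):
    """Constructed stand-in for a public key blob (not a usable key)."""
    return base64.b64encode(("constructed-key-" + name).encode()).decode()

# Constructed sample: two keys following the page's command= pattern.
SAMPLE = "\n".join(f'command="echo HELLO: NAME={n}" ssh-rsa {fake_blob(n)} {n}'
                   for n in ("TEST1", "TEST2"))
if __name__ == "__main__":
    print(command_by_key(SAMPLE))
```

Comparing the result with the fingerprint that `ssh-keygen -lf` prints for the identity file passed to `-i` shows which command= line that key should trigger.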