Bugzilla – Bug 5764
PermitOpen functionality should add quotes around username with whitespace
Last modified: 2018-09-17 09:25:52
If you have a username with whitespace, for example a space, and are using the
PermitOpen feature, then sshd_config will look like:
Match User xxx yyy
This is an invalid configuration and after the SIGHUP, the machine will no
longer respond to SSH. The username should be quoted like:
Match User "xxx yyy"
There are more characters that confuse sshd. E.g. the user foo""foo:
> PermitOpen none
> # @thinlinc-begin@
> Match User "foo""foo"
> PermitOpen 127.0.0.1:5901
> # @thinlinc-end@
> Jan 08 14:36:26 dhcp-254-99.lkpg.cendio.se sshd: Missing Match criteria for foo
> Jan 08 14:36:26 dhcp-254-99.lkpg.cendio.se sshd: /etc/ssh/sshd_config line 157: Bad Match condition
The parser is unfortunately not very bright, so I think the only safe approach
is to avoid all its special characters. Currently that list is " \t\r\n\"=".
See strdelim() in misc.c.
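
An added example (not part of the original comments and not ThinLinc's own code): one way a config generator could apply the advice above, refusing any username that contains the listed special characters instead of trying to quote it. The function names are hypothetical, and also refusing the pattern characters *?!, is an assumption that goes beyond the list given in the comment.

```python
# Added example; all names here are hypothetical, not ThinLinc's own code.

# Characters the sshd_config tokenizer treats specially, as listed in the
# comment above (strdelim() in misc.c).
STRDELIM_SPECIAL = frozenset(' \t\r\n"=')
# Assumption beyond the bug report: Match User takes a pattern list, so the
# pattern metacharacters from ssh_config(5) PATTERNS are refused as well.
PATTERN_SPECIAL = frozenset("*?!,")

BEGIN, END = "# @thinlinc-begin@", "# @thinlinc-end@"


def unsafe_chars(username):
    """Return the sorted special characters found in username."""
    return sorted(set(username) & (STRDELIM_SPECIAL | PATTERN_SPECIAL))


def match_block(username, target):
    """Return a marked Match User block, or None if it cannot be written safely."""
    if not username or unsafe_chars(username):
        return None
    return f"{BEGIN}\nMatch User {username}\nPermitOpen {target}\n{END}\n"


def render(entries):
    """Build config text for (username, target) pairs.

    Returns (text, skipped); skipped maps each refused username to the
    characters that caused the refusal, so the caller can log it.
    """
    blocks, skipped = [], {}
    for username, target in entries:
        block = match_block(username, target)
        if block is None:
            skipped[username] = unsafe_chars(username)
        else:
            blocks.append(block)
    return "".join(blocks), skipped


if __name__ == "__main__":
    # Constructed sample input: the two usernames from the report plus two more.
    sample = [("alice", "127.0.0.1:5901"), ("xxx yyy", "127.0.0.1:5902"),
              ('foo""foo', "127.0.0.1:5903"), ("*", "127.0.0.1:5904")]
    text, skipped = render(sample)
    print(text, end="")
    for name, chars in skipped.items():
        print(f"skipped {name!r}: special characters {chars}")
```

Running sshd -t -f on the generated file before sending SIGHUP catches any remaining syntax error while the running daemon still has its old configuration.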
Code looks fine, still works for regular usernames.
Has the new fix been installed on the demo system?
(In reply to comment #5)
> Code looks fine, still works for regular usernames.
> Has the new fix been installed on the demo system?
Yes, on eudemo. usdemo has also been updated now.