diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-11-30 02:57:40 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-11-30 19:44:01 +1100 |
| commit | fd6dcef2030d23c43f986d26979f84619c10589d (patch) | |
| tree | a9b9d64866a656d5e187f7d63b61e1c1bede5e8f /sshd.8 | |
| parent | 7fc4766ac78abae81ee75b22b7550720bfa28a33 (diff) | |
| download | openssh-git-fd6dcef2030d23c43f986d26979f84619c10589d.tar.gz | |
upstream commit
When a forced-command appears in both a certificate and
an authorized keys/principals command= restriction, refuse to accept the
certificate unless they are identical.
The previous (documented) behaviour of having the certificate forced-
command override the other could be a bit confused and more error-prone.
Pointed out by Jann Horn of Project Zero; ok dtucker@
Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f
Diffstat (limited to 'sshd.8')
| -rw-r--r-- | sshd.8 | 18 |
1 files changed, 13 insertions, 5 deletions
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.286 2016/08/19 03:18:06 djm Exp $ -.Dd $Mdocdate: August 19 2016 $ +.\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $ +.Dd $Mdocdate: November 30 2016 $ .Dt SSHD 8 .Os .Sh NAME @@ -481,19 +481,27 @@ If an 8-bit clean channel is required, one must not request a pty or should specify .Cm no-pty . A quote may be included in the command by quoting it with a backslash. +.Pp This option might be useful to restrict certain public keys to perform just a specific operation. An example might be a key that permits remote backups but nothing else. Note that the client may specify TCP and/or X11 -forwarding unless they are explicitly prohibited. +forwarding unless they are explicitly prohibited, e.g. using the +.Cm restrict +key option. +.Pp The command originally supplied by the client is available in the .Ev SSH_ORIGINAL_COMMAND environment variable. Note that this option applies to shell, command or subsystem execution. -Also note that this command may be superseded by either a +Also note that this command may be superseded by a .Xr sshd_config 5 .Cm ForceCommand -directive or a command embedded in a certificate. +directive. +.Pp +If a command is specified and a forced-command is embedded in a certificate +used for authentication, then the certificate will be accepted only if the +two commands are identical. .It Cm environment="NAME=value" Specifies that the string is to be added to the environment when logging in using this key. |