Hi all,
I've noticed that OpenSSH 7.7 adds stricter validation of user
environment strings from authorized_keys files. While strict
validation is a good thing from a security perspective, this new
change specifically blocks underscores which are common to include in
a user environment string. This results in the key being rejected
outright. Including underscores in a user environment is a relatively
common use case, for example setting LC_ALL.
In our use case, we are using a perl script to fetch public keys from
LDAP and setting an environment variable with the user's LDAP
username, resulting in authorized_keys lines like:
environment="LDAP_USER=jdoe" ssh-ed25519 ...
This generates a log message like:
bad key options: invalid environment string
The attached patch is against the released openssh-7.7 nonportable
release, however my testing took place on a portable (Linux) system.
Given the simplicity of the patch I hope that is not an issue.
I am happy to add a test case for this if that would be appropriate.
Cross reference to Ubuntu bug:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1771011
Regards,
Dan Fuhry
diff -Naur ssh.a/auth-options.c ssh.b/auth-options.c
--- ssh.a/auth-options.c 2018-03-14 01:35:40.000000000 -0400
+++ ssh.b/auth-options.c 2018-06-21 12:03:14.136186424 -0400
@@ -384,14 +384,15 @@
}
if ((opt = opt_dequote(&opts, &errstr)) == NULL)
goto fail;
- /* env name must be alphanumeric and followed by '=' */
+ /* env name must be alphanumeric + underscores and
+ followed by '=' */
if ((tmp = strchr(opt, '=')) == NULL) {
free(opt);
errstr = "invalid environment string";
goto fail;
}
for (cp = opt; cp < tmp; cp++) {
- if (!isalnum((u_char)*cp)) {
+ if (!isalnum((u_char)*cp) && (u_char)*cp != '_') {
free(opt);
errstr = "invalid environment string";
goto fail;
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
