Re: OpenSSH environment passing

From: Darren Tucker (dtucker_at_gate.dodgy.net.au)
Date: 11/24/05

• Next message: Darren Tucker: "Re: SSH with no home directory"
• Previous message: dare_eagle_at_yahoo.com: "Re: SSH unable to connect"
• In reply to: simon_l_evans_at_yahoo.co.uk: "Re: OpenSSH environment passing"
• Next in thread: simon_l_evans_at_yahoo.co.uk: "Re: OpenSSH environment passing"
• Reply: simon_l_evans_at_yahoo.co.uk: "Re: OpenSSH environment passing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 24 Nov 2005 12:44:35 GMT

On 2005-11-24, simon_l_evans@yahoo.co.uk <simon_l_evans@yahoo.co.uk> wrote:
> Yeah, I read the man page strangely enough. The problem was in the
> order of the values in the authorized_keys file...
>
> Did have:
> from, ssh-rsa <key>, environment, comment
> also tried
> from, environment, ssh-rsa <key>, comment

There should be no space between the from and the environment. I suspect
this one didn't let you authenticate at all.

> then
> environment, ssh-rsa <key>, from, comment
> and this last one worked.

But the "from" restrictions won't since it's now part of the comment.
That ought to be:
environment="[foo]",from="[bar]" ssh-rsa <key> comment

> Hmmmm. Didn't see that in any docs.

It's cleverly hidden in sshd(8) under "AUTHORIZED_KEYS FILE FORMAT"
[...]
     Each line of the file contains one key (empty lines and lines starting
     with a '#' are ignored as comments). Each RSA public key consists of
     the following fields, separated by spaces: options, bits, exponent, mod-
     ulus, comment. Each protocol version 2 public key consists of: options,
     keytype, base64 encoded key, comment. The options field is optional;
[...]

There's some examples too...

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

---

• Next message: Darren Tucker: "Re: SSH with no home directory"
• Previous message: dare_eagle_at_yahoo.com: "Re: SSH unable to connect"
• In reply to: simon_l_evans_at_yahoo.co.uk: "Re: OpenSSH environment passing"
• Next in thread: simon_l_evans_at_yahoo.co.uk: "Re: OpenSSH environment passing"
• Reply: simon_l_evans_at_yahoo.co.uk: "Re: OpenSSH environment passing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: OpenSSH environment passing ... Darren Tucker wrote: ... >> Yeah, I read the man page strangely enough. ... Each protocol version 2 public key consists of: ... > Good judgement comes with experience. ... (comp.security.ssh) Re: HP-UX & Putty Log-In Prompt Problem ... Yeah, we should change that. ... packet or separate Banner packet). ... Good judgement comes with experience. ... (comp.security.ssh) Re: Top 5 concerns moving forward ... I like not cherry picking situations to cloud my judgement. ... yeah those two out doubles with no-one on atre great, ... (alt.sports.baseball.bos-redsox) Re: Somebody made a real error in judgement! ... Somebody made a real error in judgement! ... Yeah, I saw that while taking a swig of beer. ... (rec.motorcycles) Re: Fifth column? ... but not against a fellow Muslim. ... Said we should hold off on judgement. ... Yeah, we all know he's really a Black Liberation Theology radical ... (soc.culture.jewish.moderated)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2005-11