From cjc@rfx-64-6-211-149.users.reflexcom.com  Tue Jan 16 23:37:09 2001
Return-Path: <cjc@rfx-64-6-211-149.users.reflexcom.com>
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 9EB1637B400
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Jan 2001 23:37:09 -0800 (PST)
Received: from rfx-64-6-211-149.users.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Tue, 16 Jan 2001 23:35:22 -0800
Received: (from cjc@localhost)
	by rfx-64-6-211-149.users.reflexcom.com (8.11.1/8.11.0) id f0H7b7t60224;
	Tue, 16 Jan 2001 23:37:07 -0800 (PST)
	(envelope-from cjc)
Message-Id: <200101170737.f0H7b7t60224@rfx-64-6-211-149.users.reflexcom.com>
Date: Tue, 16 Jan 2001 23:37:07 -0800 (PST)
From: cjclark@reflexcom.com
Reply-To: cjclark@alum.mit.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: OpenSSH forced commands munge output
X-Send-Pr-Version: 3.2

>Number:         24399
>Category:       bin
>Synopsis:       OpenSSH forced commands munge output
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    cjc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 16 23:40:01 PST 2001
>Closed-Date:    Sat Jul 21 13:59:43 PDT 2001
>Last-Modified:  Sat Jul 21 14:02:51 PDT 2001
>Originator:     Crist J. Clark
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
>Environment:

	FreeBSD 4.2-STABLE
	SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0.
	Compiled with SSL (0x0090600f).

>Description:

        OpenSSH "forced commands," a command specified in the
	authorized_keys file, have their output mangled. It looks like
	there is some UNIX-MSDOS conversion going on. Newlines, \n,
	are substituted with \r\n.

>How-To-Repeat:

        Assuming you have sshd running locally and don't have 
	anything in your configs to break this kind of thing.
        $ man ssh > ssh_1.cat
        $ ssh-keygen -f sshtest -N "" -C SSH-Test  
        $ { printf 'command="cat ssh_1.cat" '; cat sshtest.pub; } >> .ssh/authorized_keys
        $ ssh -i sshtest localhost > ssh_2.cat
        $ cmp ssh_1.cat ssh_2.cat
        ssh_1.cat ssh_2.cat differ: char 79, line 1
        $ tr -d '\r' < ssh_2.cat > ssh_3.cat
        $ cmp ssh_1.cat ssh_3.cat
        $
        But this works,
        $ ssh localhost "cat ssh_1.cat" > ssh_4.cat
        cjc@localhost's password:
        $ cmp ssh_1.cat ssh_4.cat
        $

>Fix:

	No workaround other than to not use forced commands.

        After a quick look at the code, I can't see how a "forced
	command" would produce different results than one provided on
	the command line. But that's what the tests show.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->green 
Responsible-Changed-By: kris 
Responsible-Changed-When: Wed Jan 17 01:38:37 PST 2001 
Responsible-Changed-Why:  
Over to the maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=24399 

From: "Crist J. Clark" <cjclark@reflexnet.net>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/24399: OpenSSH forced commands munge output
Date: Thu, 18 Jan 2001 11:14:09 -0800

 Immediately after submitting this, a workaround did occur to me. I
 have been using it and it seems to work fine. It is, however, so ugly,
 so hideous, I considered ROT-13'ing the rest of this mail for the
 squeamish. I basically put,
 
   command="create_output args | uuencode ssh_raw.out" ...
 
 In the authorized_keys file on the server, and do a,
 
   ssh server | uudecode -p | use_output args
 
 At the client end. Since the problem seems to be "\n" -> "\r\n"
 translation, this works.
 
 However, this still needs to be fixed.
 -- 
 Crist J. Clark                           cjclark@alum.mit.edu
 
State-Changed-From-To: open->closed 
State-Changed-By: cjc 
State-Changed-When: Sat Jul 21 13:59:43 PDT 2001 
State-Changed-Why:  
The correct way to handle data being sent through stdout when using 
forced commands is to add the 'no-pty' specification in the 
authorized_keys entry for the host. 


Responsible-Changed-From-To: green->cjc 
Responsible-Changed-By: cjc 
Responsible-Changed-When: Sat Jul 21 13:59:43 PDT 2001 
Responsible-Changed-Why:  
Closing my own old PR. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24399 
>Unformatted:
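The "\n" -> "\r\n" translation reported above is what a terminal's ONLCR output flag does to anything written to a pty, which is why the `no-pty` option from the closing note removes it; the sketch below runs the same command on a pty and on a plain pipe to show the difference. This is an added example, not part of the original PR or of OpenSSH; it assumes a POSIX system with `printf` on the PATH, and the function names `run_on_pty` and `run_on_pipe` are made up for illustration.

```python
import os
import pty
import subprocess
import termios

# Per the PR's closing note, the corrected authorized_keys entry adds no-pty
# (the key fields are placeholders, not a real key):
#   command="cat ssh_1.cat",no-pty <key-type> <base64-key> SSH-Test


def run_on_pty(argv, onlcr=True):
    """Run argv with stdout on a pseudo-terminal; return the bytes seen on the master side."""
    master, slave = pty.openpty()
    try:
        attrs = termios.tcgetattr(slave)
        if onlcr:
            attrs[1] |= termios.OPOST | termios.ONLCR   # usual terminal setting
        else:
            attrs[1] &= ~termios.ONLCR                  # newline translation off
        termios.tcsetattr(slave, termios.TCSANOW, attrs)
        proc = subprocess.Popen(argv, stdin=subprocess.DEVNULL, stdout=slave)
        os.close(slave)          # only the child keeps the slave side open
        slave = None
        out = b""
        while True:
            try:
                chunk = os.read(master, 4096)
            except OSError:      # Linux reports EIO once the slave side is closed
                break
            if not chunk:        # BSD and macOS report EOF instead
                break
            out += chunk
        proc.wait()
        return out
    finally:
        os.close(master)
        if slave is not None:
            os.close(slave)


def run_on_pipe(argv):
    """Run argv with stdout on a plain pipe, the no-pty case."""
    return subprocess.run(argv, stdin=subprocess.DEVNULL,
                          stdout=subprocess.PIPE, check=True).stdout


if __name__ == "__main__":
    cmd = ["printf", r"one\ntwo\n"]   # constructed sample output
    print("pty :", run_on_pty(cmd))
    print("pipe:", run_on_pipe(cmd))
```

Any forced command whose output is consumed as data (backups, file transfer, binary streams) needs the pipe behaviour, so its `authorized_keys` entry should carry `no-pty`.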
