Package: openssh-server Version: 1:8.4p1-4 Severity: normal X-Debbugs-Cc: deb...@3001.dk
(I guess - but haven't checked in any way - that this also affects upstream) (There are many open bugs against this package, so I didn't carefully read the list, but did search it - without finding this issue) The sshd manpage says: command="command" Specifies that the command is executed whenever this key is used for authentication. but when I add such an option on one key in my authorized_keys file, so it looks like: ssh-rsa AAAAB3... gr...@sslug.dk command="/bin/hostname" ssh-rsa AAAAB3N... h...@one.com (I've shortened my public keys, as they are completely irrelevant, if you want to give me access to some machine, ask me for the complete key) I get the output of /bin/hostname no matter which key I use: grove@stacey> ssh -i .ssh/privat_rsa 10.0.3.106 date sid grove@stacey> ssh -i .ssh/id_rsa 10.0.3.106 date sid (A forced command was my use case, so that's what I've been specifying when testing, but in my orginal attempt at setting this up, I copied from somewhere specifying more options, and I think I saw that the problem also affected pty allocation, so possibly all options) -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-14-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-server depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.74 ii dpkg 1.20.7.1 ii libaudit1 1:3.0-2 ii libc6 2.31-9 ii libcom-err2 1.46.1-1 ii libcrypt1 1:4.4.17-1 ii libgssapi-krb5-2 1.18.3-4 ii libkrb5-3 1.18.3-4 ii libpam-modules 1.4.0-4 ii libpam-runtime 1.4.0-4 ii libpam0g 1.4.0-4 ii libselinux1 3.1-3 ii libssl1.1 1.1.1j-1 ii libsystemd0 247.3-1 ii libwrap0 7.6.q-31 ii lsb-base 11.1.0 ii openssh-client 1:8.4p1-4 ii openssh-sftp-server 1:8.4p1-4 ii procps 2:3.3.17-4 ii runit-helper 2.10.3 ii ucf 3.0043 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages openssh-server recommends: ii libpam-systemd [logind] 247.3-1 ii ncurses-term 6.2+20201114-2 ii xauth 1:1.1-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn ssh-askpass <none> pn ufw <none> -- debconf information: openssh-server/password-authentication: true openssh-server/permit-root-login: true