Package: openssh-client
Version: 1:9.5p1-2
Severity: normal
Tags: upstream

The above web page describes how to exploit systems via the athorized_keys
file and purports to describe how to hide backdoors in ~/.ssh/id_*.pub, the
only way that second claim could be valid is by using ssh-copy-if to blindly
copy a .pub file that has the command= string in question installed.

To address this sort of thing (and also to prevent needless confusion from
less hostile uses of command=) I think ssh-copy-id should either warn about
the use of command= in the source file or copy a sanitised version unless
explicitely told to copy that with an optional parameter.

-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-5-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages openssh-client depends on:
ii  adduser           3.137
ii  libc6             2.37-13
ii  libedit2          3.1-20230828-1
ii  libfido2-1        1.14.0-1
ii  libgssapi-krb5-2  1.20.1-5
ii  libselinux1       3.5-1+b1
ii  libssl3           3.1.4-2
ii  passwd            1:4.13+dfsg1-3
ii  zlib1g            1:1.3.dfsg-3

Versions of packages openssh-client recommends:
ii  xauth  1:1.1.2-1

Versions of packages openssh-client suggests:
pn  keychain                   <none>
ii  ksshaskpass [ssh-askpass]  4:5.27.9-1
pn  libpam-ssh                 <none>
pn  monkeysphere               <none>

-- debconf-show failed

Reply via email to