https://bugzilla.mindrot.org/show_bug.cgi?id=3503
Bug ID: 3503 Summary: OpenSSH tries executing banner as command Product: Portable OpenSSH Version: 8.8p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-b...@mindrot.org Reporter: mateusz.gierblin...@gmail.com Created attachment 3626 --> https://bugzilla.mindrot.org/attachment.cgi?id=3626&action=edit Proof of Concept Hi there, On default Fedora 37 installation I found an interesting issue. In my home directory I have the following config: Host redhat HostName 192.16.122.253 User mto #Identityfile /home/mto/.ssh/id_ed25519 ProxyCommand ssh -T -i /home/mto/.ssh/id_ed25519 mto@192.168.122.253 When I'm trying to connect, I receive the following message: -bash: line 1: $'SSH-2.0-OpenSSH_8.8\r': command not found As you can see, OpenSSH tries to execute banner version as command. Based on the StackOverflow (link: https://unix.stackexchange.com/questions/269024/change-ssh-banner-which-is-grabbed-by-netcat) we can modify banner and it has to be exactly 11 characters long, otherwise the binary gets corrupted. Please refer to provided screenshot for proof. Thanks, Mateusz -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs