Public bug reported:
Package: rssh
Version: 2.3.4-4+deb8u1build0.16.04.1
We are using libssh2(v1.5) client to download files in our product.
After rssh got auto patched, our download scenario is broken. This
happens only for users that are created with default rssh shell login.
Steps to repro:
1. sudo useradd -s /usr/bin/rssh -r -N -c "test" -G testgroup test
2. sudo passwd test
3. sudo usermod -a -G rsshusers test
4. Build libssh2
5. Run scp example
./example/example-scp 127.0.0.1 test test /tmp/f1.txt
Stuck and fails to read the file.
Libssh2 logs indicate rssh returned following error
insecure scp option not allowed.
This account is restricted by rssh.
Allowed commands: scp sftp
Looking at sshd debug mode logs indicated that scp is called "-pf" argument,
but the new validation
"static int scp_okay( char **vec )" did't take that into account causing the
failure.
It could be great if you could fix this issue.
** Affects: rssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815935
Title:
Regression in 2.3.4-4+deb8u1build0.16.04.1 on scp command parsing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rssh/+bug/1815935/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
