** Description changed: - SSH_ORIGINAL_COMMAND env variable has an extra white space at the end of - its value + [ Impact ] + Users upgrading from Ubuntu 22.04 (Jammy) to 24.04 (Noble) find that scripts relying on exact string matching for the $SSH_ORIGINAL_COMMAND environment variable fail when using SFTP. OpenSSH in Noble appends a trailing space to the subsystem command (e.g., "/usr/lib/openssh/sftp-server ") + + This fix backports a change from upstream OpenSSH that ensures the + command string is properly terminated without the gratious trailing + space, restoring compatibility with existing scripts. + + [Test Plan] + 1. Create an lxd Noble container and run the following script: + # Create a dummy test user + sudo useradd -m -s /bin/bash testuser + sudo mkdir -p /home/testuser/.ssh + # Create a debugging script + cat << 'EOF' | sudo tee /usr/local/bin/debug_ssh.sh + #!/bin/bash + # Print the command surrounded by brackets to see spaces + echo "Raw variable: [$SSH_ORIGINAL_COMMAND]" + EOF + # make script executable + sudo chmod +x /usr/local/bin/debug_ssh.sh + # Generate a dummy key + ssh-keygen -t ed25519 -f ./test_key -N "" + # Add to authorized_keys with the forced command + KEY_DATA=$(cat ./test_key.pub) + echo "command=\"/usr/local/bin/debug_ssh.sh\" $KEY_DATA" | sudo tee /home/testuser/.ssh/authorized_keys + # Set the appropriate permissions + sudo chown -R testuser:testuser /home/testuser/.ssh + sudo chmod 700 /home/testuser/.ssh + sudo chmod 600 /home/testuser/.ssh/authorized_keys + + 2. Run the following command to reproduce the issue: + ssh -i ./test_key -s testuser@localhost sftp + + Output shows: [/usr/lib/openssh/sftp-server ] (with the space) + + 3. Apply the patch and build the package locally and rerun the above + command to verify the fix. 
Output should show Raw variable: + [/usr/lib/openssh/sftp-server] (No trailing space) + + [ Where problems could occur ] + The change is localised to how session.c constructs the command string for subsystems. + + Potential Regression: If a user has specifically written a workaround + script in Noble that expects the trailing space (e.g., matching *sftp- + server ), this patch would break that workaround. However, since this + behaviour is a regression from Jammy and violates standard string + expectations, the risk is considered low compared to the benefit of + restoring standard behaviour. + + Scope: The patch specifically targets the internal command construction + logic in session.c, so it should not affect general SSH shell sessions + or non-subsystem commands. + + [ Other Info ] + The fix is already committed upstream in OpenSSH Portable. The issue is not found in newer version on Ubuntu and neither in Jammy.
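Review bot: The [Test Plan] only exercises the sftp subsystem, but the Scope paragraph under [ Where problems could occur ] asserts that general SSH shell sessions and non-subsystem commands are unaffected, and nothing in steps 1 to 3 checks that. Add a step that runs an ordinary command through the same forced-command key before and after the patch and confirms that the bracketed $SSH_ORIGINAL_COMMAND value printed by debug_ssh.sh is identical in both runs. Separately, "gratious" in [ Impact ] should read "gratuitous".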
** Description changed: [ Impact ] Users upgrading from Ubuntu 22.04 (Jammy) to 24.04 (Noble) find that scripts relying on exact string matching for the $SSH_ORIGINAL_COMMAND environment variable fail when using SFTP. OpenSSH in Noble appends a trailing space to the subsystem command (e.g., "/usr/lib/openssh/sftp-server ") This fix backports a change from upstream OpenSSH that ensures the command string is properly terminated without the gratious trailing space, restoring compatibility with existing scripts. [Test Plan] 1. Create an lxd Noble container and run the following script: # Create a dummy test user sudo useradd -m -s /bin/bash testuser sudo mkdir -p /home/testuser/.ssh - # Create a debugging script + # Create a debugging script cat << 'EOF' | sudo tee /usr/local/bin/debug_ssh.sh #!/bin/bash # Print the command surrounded by brackets to see spaces echo "Raw variable: [$SSH_ORIGINAL_COMMAND]" EOF # make script executable sudo chmod +x /usr/local/bin/debug_ssh.sh # Generate a dummy key ssh-keygen -t ed25519 -f ./test_key -N "" # Add to authorized_keys with the forced command KEY_DATA=$(cat ./test_key.pub) echo "command=\"/usr/local/bin/debug_ssh.sh\" $KEY_DATA" | sudo tee /home/testuser/.ssh/authorized_keys - # Set the appropriate permissions + # Set the appropriate permissions sudo chown -R testuser:testuser /home/testuser/.ssh sudo chmod 700 /home/testuser/.ssh sudo chmod 600 /home/testuser/.ssh/authorized_keys 2. Run the following command to reproduce the issue: ssh -i ./test_key -s testuser@localhost sftp Output shows: [/usr/lib/openssh/sftp-server ] (with the space) 3. Apply the patch and build the package locally and rerun the above command to verify the fix. Output should show Raw variable: [/usr/lib/openssh/sftp-server] (No trailing space) [ Where problems could occur ] The change is localised to how session.c constructs the command string for subsystems. 
Potential Regression: If a user has specifically written a workaround script in Noble that expects the trailing space (e.g., matching *sftp- server ), this patch would break that workaround. However, since this behaviour is a regression from Jammy and violates standard string expectations, the risk is considered low compared to the benefit of restoring standard behaviour. Scope: The patch specifically targets the internal command construction logic in session.c, so it should not affect general SSH shell sessions or non-subsystem commands. [ Other Info ] - The fix is already committed upstream in OpenSSH Portable. The issue is not found in newer version on Ubuntu and neither in Jammy. + The fix is already committed upstream in OpenSSH Portable. The issue is not found in newer versions of Ubuntu and neither in Jammy. ** Description changed: [ Impact ] Users upgrading from Ubuntu 22.04 (Jammy) to 24.04 (Noble) find that scripts relying on exact string matching for the $SSH_ORIGINAL_COMMAND environment variable fail when using SFTP. OpenSSH in Noble appends a trailing space to the subsystem command (e.g., "/usr/lib/openssh/sftp-server ") This fix backports a change from upstream OpenSSH that ensures the command string is properly terminated without the gratious trailing space, restoring compatibility with existing scripts. [Test Plan] 1. 
Create an lxd Noble container and run the following script: # Create a dummy test user sudo useradd -m -s /bin/bash testuser sudo mkdir -p /home/testuser/.ssh # Create a debugging script cat << 'EOF' | sudo tee /usr/local/bin/debug_ssh.sh #!/bin/bash # Print the command surrounded by brackets to see spaces echo "Raw variable: [$SSH_ORIGINAL_COMMAND]" EOF # make script executable sudo chmod +x /usr/local/bin/debug_ssh.sh # Generate a dummy key ssh-keygen -t ed25519 -f ./test_key -N "" # Add to authorized_keys with the forced command KEY_DATA=$(cat ./test_key.pub) echo "command=\"/usr/local/bin/debug_ssh.sh\" $KEY_DATA" | sudo tee /home/testuser/.ssh/authorized_keys # Set the appropriate permissions sudo chown -R testuser:testuser /home/testuser/.ssh sudo chmod 700 /home/testuser/.ssh sudo chmod 600 /home/testuser/.ssh/authorized_keys 2. Run the following command to reproduce the issue: + ssh -i ./test_key -s testuser@localhost sftp - Output shows: [/usr/lib/openssh/sftp-server ] (with the space) 3. Apply the patch and build the package locally and rerun the above - command to verify the fix. Output should show Raw variable: - [/usr/lib/openssh/sftp-server] (No trailing space) + command to verify the fix. Output should show: [/usr/lib/openssh/sftp- + server] (No trailing space) [ Where problems could occur ] The change is localised to how session.c constructs the command string for subsystems. Potential Regression: If a user has specifically written a workaround script in Noble that expects the trailing space (e.g., matching *sftp- server ), this patch would break that workaround. However, since this behaviour is a regression from Jammy and violates standard string expectations, the risk is considered low compared to the benefit of restoring standard behaviour. Scope: The patch specifically targets the internal command construction logic in session.c, so it should not affect general SSH shell sessions or non-subsystem commands. 
[ Other Info ] The fix is already committed upstream in OpenSSH Portable. The issue is not found in newer versions of Ubuntu and neither in Jammy.

https://bugs.launchpad.net/bugs/2147690

Title: SSH_ORIGINAL_COMMAND env variable has an extra white space at the end of its value
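Review bot: In the second description change, the reworded [ Other Info ] line still says only that the fix is "already committed upstream in OpenSSH Portable" without identifying the commit. Reference the upstream commit there so the backported session.c change can be compared against it.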
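Review bot: In the third description change, step 3 of the [Test Plan] now gives the expected output without the "Raw variable:" prefix, but debug_ssh.sh from step 1 echoes "Raw variable: [$SSH_ORIGINAL_COMMAND]", so neither step 2 nor step 3 quotes the line a tester will actually see. Quote the full line in both steps, "Raw variable: [/usr/lib/openssh/sftp-server ]" before the patch and "Raw variable: [/usr/lib/openssh/sftp-server]" after it, so the before/after comparison is exact.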
