- djm@cvs.openbsd.org 2012/11/04 10:38:43
[auth2-pubkey.c sshd.c sshd_config.5]
Remove default of AuthorizedCommandUser. Administrators are now expected
to explicitly specify a user. feedback and ok markus@
diff --git a/sshd.c b/sshd.c
index eff0290..4ad1a4b 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.394 2012/10/30 21:29:55 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.395 2012/11/04 10:38:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1559,6 +1559,13 @@
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
+ /* Check that options are sensible */
+ if (options.authorized_keys_command_user == NULL &&
+ (options.authorized_keys_command != NULL &&
+ strcasecmp(options.authorized_keys_command, "none") != 0))
+ fatal("AuthorizedKeysCommand set without "
+ "AuthorizedKeysCommandUser");
+
/* set default channel AF */
channel_set_af(options.address_family);