upstream commit

When a forced-command appears in both a certificate and
an authorized keys/principals command= restriction, refuse to accept the
certificate unless they are identical.

The previous (documented) behaviour of having the certificate forced-command
override the other could be a bit confusing and more error-prone.

Pointed out by Jann Horn of Project Zero; ok dtucker@

Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f
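The rule in the commit message is small, but applying it correctly depends on first pulling `command="..."` out of an authorized_keys line, whose quoting rules (a double-quoted value in which an embedded quote is written as `\"`) are easy to get wrong. The following added example is not OpenSSH code: it parses the option list of a single authorized_keys line just far enough to extract `command=`, then resolves the forced command under the new rule (refuse the certificate when both sides specify a command and they differ) and, for contrast, under the old documented rule (certificate wins). It assumes that "identical" means exact string equality and that a key type can be recognised by the prefixes `ssh-`, `ecdsa-` or `sk-`; the sample line and key material are constructed placeholders.

```python
"""Model of the forced-command precedence rule from the commit message.

Added illustration, not OpenSSH's implementation. Assumptions: "identical"
means exact string equality; a line whose first token starts with one of
KEY_TYPE_PREFIXES carries no options.
"""
from typing import Dict, Optional, Tuple

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # assumption: enough to spot a key type


def parse_options(line: str) -> Tuple[Dict[str, Optional[str]], str]:
    """Return ({option: value-or-None}, remainder) for one authorized_keys line.

    Options are comma-separated name or name="value" items in front of the key
    type. Values are double-quoted; an embedded quote is written as backslash
    followed by a quote. Any other backslash is kept literally.
    """
    line = line.strip()
    if line.startswith(KEY_TYPE_PREFIXES):
        return {}, line
    opts: Dict[str, Optional[str]] = {}
    i, n = 0, len(line)
    while i < n:
        j = i
        while j < n and line[j] not in ',="' and not line[j].isspace():
            j += 1
        name = line[i:j]
        if not name:
            raise ValueError("empty option name")
        value: Optional[str] = None
        if j < n and line[j] == "=":
            j += 1
            if j >= n or line[j] != '"':
                raise ValueError(f"option {name!r}: value must be double-quoted")
            j += 1
            buf = []
            while True:
                if j >= n:
                    raise ValueError(f"option {name!r}: unterminated quoted value")
                c = line[j]
                if c == "\\" and j + 1 < n and line[j + 1] == '"':
                    buf.append('"')      # \" inside the value is a literal quote
                    j += 2
                    continue
                if c == '"':
                    j += 1               # closing quote ends the value
                    break
                buf.append(c)
                j += 1
            value = "".join(buf)
        opts[name.lower()] = value
        if j < n and line[j] == ",":
            i = j + 1                    # another option follows
            continue
        while j < n and line[j].isspace():
            j += 1
        return opts, line[j:]            # whitespace ends the option list
    return opts, ""


def resolve_forced_command(key_command: Optional[str], cert_command: Optional[str],
                           legacy: bool = False) -> Optional[str]:
    """Pick the forced command to apply, or raise PermissionError.

    New rule: if both the key options and the certificate carry a forced
    command, accept only when they are identical. Legacy rule (the behaviour
    the commit removes): the certificate's command silently overrides.
    """
    if key_command is not None and cert_command is not None:
        if legacy:
            return cert_command
        if key_command != cert_command:
            raise PermissionError("certificate refused: forced commands differ")
    return key_command if key_command is not None else cert_command


def check_line(line: str, cert_command: Optional[str],
               legacy: bool = False) -> Tuple[bool, Optional[str]]:
    """Return (accepted, effective forced command) for a key line and a certificate."""
    opts, _rest = parse_options(line)
    try:
        return True, resolve_forced_command(opts.get("command"), cert_command, legacy)
    except PermissionError:
        return False, None


# Constructed sample line; the key blob is a placeholder, not a real key.
SAMPLE_LINE = (r'command="/usr/local/bin/backup \"nightly\"",no-pty,restrict '
               r'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER root@backup')

if __name__ == "__main__":
    print(parse_options(SAMPLE_LINE)[0])
    print(check_line(SAMPLE_LINE, '/usr/local/bin/backup "nightly"'))
    print(check_line(SAMPLE_LINE, "/bin/sh"))
    print(check_line(SAMPLE_LINE, "/bin/sh", legacy=True))
```

Running the block prints the parsed options, an accepted match, a rejection under the new rule, and the override that the old rule would have allowed for the same input.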
diff --git a/sshd.8 b/sshd.8
index 4cf8fee..41fc505 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.286 2016/08/19 03:18:06 djm Exp $
-.Dd $Mdocdate: August 19 2016 $
+.\" $OpenBSD: sshd.8,v 1.287 2016/11/30 02:57:40 djm Exp $
+.Dd $Mdocdate: November 30 2016 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -481,19 +481,27 @@
 one must not request a pty or should specify
 .Cm no-pty .
 A quote may be included in the command by quoting it with a backslash.
+.Pp
 This option might be useful
 to restrict certain public keys to perform just a specific operation.
 An example might be a key that permits remote backups but nothing else.
 Note that the client may specify TCP and/or X11
-forwarding unless they are explicitly prohibited.
+forwarding unless they are explicitly prohibited, e.g. using the
+.Cm restrict
+key option.
+.Pp
 The command originally supplied by the client is available in the
 .Ev SSH_ORIGINAL_COMMAND
 environment variable.
 Note that this option applies to shell, command or subsystem execution.
-Also note that this command may be superseded by either a
+Also note that this command may be superseded by a
 .Xr sshd_config 5
 .Cm ForceCommand
-directive or a command embedded in a certificate.
+directive.
+.Pp
+If a command is specified and a forced-command is embedded in a certificate
+used for authentication, then the certificate will be accepted only if the
+two commands are identical.
 .It Cm environment="NAME=value"
 Specifies that the string is to be added to the environment when
 logging in using this key.
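Review bot: the added paragraph ("If a command is specified and a forced-command is embedded in a certificate ... only if the two commands are identical.") documents the new rule only under the authorized_keys command= option, while the commit message says it also applies to the command= restriction in an authorized principals file; the AuthorizedPrincipalsFile description should carry the same sentence or a cross-reference so the two places agree. This diff also touches only sshd.8: dropping "or a command embedded in a certificate" changes the documented precedence, so the matching change to the option-merging code must land in the same commit or the manual will describe behaviour sshd does not implement. Minor: say whether "identical" means an exact string comparison, so administrators know that differences in quoting or whitespace between the two commands will cause the certificate to be refused.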