Bug 3361

Summary: document that SessionType none prevents e.g. execution of authorized_keys’ command=
Product: Portable OpenSSH Reporter: Christoph Anton Mitterer <calestyo>
Component: DocumentationAssignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---    
Severity: enhancement CC: djm
Priority: P5    
Version: 8.7p1   
Hardware: Other   
OS: All   

Description Christoph Anton Mitterer 2021-11-07 03:25:46 AEDT 
Hey.

It seems that when "SessionType none" one does not only get no interactive login (as the novice user might assume), but also any commands specified for execution on the remote side, like authorized_keys’ command= feature aren't invoked.

Perhaps it's worth to mention that briefly in the manpage.

Cheers,
Chris.
Comment 1 Damien Miller 2021-11-10 10:04:22 AEDT 
This is the current description in the manpage:

> SessionType
>     May be used to either request invocation of a subsystem on the
>     remote system, or to prevent the execution of a remote command at
>     all.  The latter is useful for just forwarding ports.  The argu‐
>     ment to this keyword must be *none* (same as the -N option),
>     *subsystem* (same as the -s option) or *default* (shell or command
>     execution).

IMO this is pretty clear already - the first sentence mentions the behaviour of blocking all shell/command execution and the third describes which does which.
Comment 2 Christoph Anton Mitterer 2021-11-10 10:09:52 AEDT 
Well, but you're a core OpenSSH developer, knowing the code at it's heart ;-)

For an admin/end-user it may easily be not that obvious, given that the command is already specified on the server (and not via the client) and especially given that the connecting client has no choice in overriding that command.

Anyway, was just a suggestion.

Feel free to close if you think it's not necessary.

Cheers,
Chris.