Bug 1290 - sshd dies if passed host key with relative path on command line
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 4.5p1
Hardware: All All
Importance: P2 normal
Assignee: Assigned to nobody
Blocks: V_5_4
Reported: 2007-03-02 11:25 AEDT by Marc Bejarano
Modified: 2010-03-26 10:51 AEDT

Attachments
require absolute paths (1.78 KB, patch)
2007-05-18 16:58 AEST, Damien Miller
no flags
better patch (2.42 KB, patch)
2007-05-18 17:18 AEST, Damien Miller
no flags
Working patch (2.43 KB, patch)
2007-05-18 17:25 AEST, Damien Miller
dtucker: ok+
/home/djm/sshd-abspath.diff (2.97 KB, patch)
2010-01-13 14:32 AEDT, Damien Miller
dtucker: ok+

Description Marc Bejarano 2007-03-02 11:25:50 AEDT
the following works fine on linux:
root@ubuntu1:/test# /usr/sbin/sshd -D -h ssh_host_dsa_key -p 6789

on FreeBSD and OSX, once a client connects, the server exits.
changing the path for the host key to an absolute one allows the server to function normally:
beejmacbook:/test beej$ /opt/local/sbin/sshd -h /test/ssh_host_dsa_key -D -ddd -p 6789
Comment 1 Darren Tucker 2007-03-05 11:51:05 AEDT
What version is it that you're testing on Linux, and do you see the same results with a version built from vanilla source?

I suspect it's not dependent on the OS but rather on whether or not re-exec is enabled.
Comment 2 Marc Bejarano 2007-03-05 16:15:05 AEDT
the testing i did for this bug report was with ubuntu's sshd OpenSSH_4.3p2 from their 4.3p2-5ubuntu1 deb.

anyway, using vanilla 4.5p1 source with all defaults on the same linux test box does indeed break things like the other OS's when using a relative path for host key.  and adding the -r flag fixes things again so you're right about this being related to re-exec :)
Comment 3 Damien Miller 2007-05-18 16:58:40 AEST
Created attachment 1288
require absolute paths

It is pretty easy to fix the specific case of the '-h' option not accepting relative paths, but fixing the more general problem of paths specified on the commandline using -oConfigItem=value or in configuration files is surprisingly tricky because of the way we pass the configuration between the original sshd instance and the re-executed child.

Rather than writing a lot of code to fix this edge case, I think it is better that we just make the requirement to use absolute paths explicit and provide error feedback when the daemon is started, not when it tries to accept a connection.
Comment 4 Damien Miller 2007-05-18 17:18:56 AEST
Created attachment 1289
better patch

Actually, the last patch had two bugs: it broke the AuthorizedKeysFile directive (which allows paths relative to $HOME) and absolute paths specified using ~/ or ~user/. This one fixes these problems.
Comment 5 Damien Miller 2007-05-18 17:25:37 AEST
Created attachment 1290
Working patch

It helps if one saves the file that one is working on before making a broken patch and posting it for the world to see...
Comment 6 Darren Tucker 2009-07-31 11:25:14 AEST
target for 5.4
Comment 7 Damien Miller 2010-01-13 14:32:05 AEDT
Created attachment 1776
/home/djm/sshd-abspath.diff

de-relativise host key paths
Comment 8 Damien Miller 2010-01-13 14:33:21 AEDT
Comment on attachment 1776
/home/djm/sshd-abspath.diff

ignore the Makefile.inc hunk
Comment 9 Darren Tucker 2010-01-13 14:47:13 AEDT
Comment on attachment 1776
/home/djm/sshd-abspath.diff

ok minus the XXX debugs.
Comment 10 Damien Miller 2010-01-13 14:48:51 AEDT
revised patch applied, so this will be in OpenSSH 5.4. Thanks for the report.
Comment 11 Darren Tucker 2010-03-26 10:51:25 AEDT
With the release of 5.4p1, this bug is now considered closed.
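
Added example, not part of this bug thread and not OpenSSH's own code: a C illustration of the "de-relativise host key paths" approach from comment 7, showing a relative key path that stops resolving once the working directory changes while the form made absolute at startup keeps working. The helper names, the file name, the temporary directory, and the assumption that the re-executed process runs with "/" as its working directory are all hypothetical.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp(), strdup() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not OpenSSH code): return a malloc'd absolute form of
 * path, resolved against the current directory; NULL on failure. */
char *absolutise_path(const char *path)
{
    char cwd[PATH_MAX], *out;
    size_t len;
    if (path == NULL || *path == '\0')
        return NULL;
    if (*path == '/')
        return strdup(path);                /* already absolute */
    if (getcwd(cwd, sizeof(cwd)) == NULL)
        return NULL;
    len = strlen(cwd) + strlen(path) + 2;   /* room for '/' and NUL */
    if ((out = malloc(len)) == NULL)
        return NULL;
    /* A cwd of "/" already ends in a slash; avoid emitting "//name". */
    snprintf(out, len, "%s%s%s", cwd, strcmp(cwd, "/") == 0 ? "" : "/", path);
    return out;
}

/* Constructed scenario: a stand-in key file in a temp directory, then
 * chdir("/") as the assumed post-re-exec working directory. Bit 0 of the
 * result: relative name still readable; bit 1: absolute form readable.
 * Returns -1 on setup failure. */
int relpath_after_chdir_demo(void)
{
    char dir[] = "/tmp/hostkey-demo-XXXXXX";
    const char *rel = "ssh_host_demo_key";  /* constructed file name */
    char *full;
    FILE *f;
    int result = 0;
    if (mkdtemp(dir) == NULL || chdir(dir) != 0 || (f = fopen(rel, "w")) == NULL)
        return -1;
    fclose(f);
    full = absolutise_path(rel);            /* resolve once, at startup */
    if (full == NULL || chdir("/") != 0)
        return -1;
    if (access(rel, R_OK) == 0) result |= 1;   /* lookup relative to "/" */
    if (access(full, R_OK) == 0) result |= 2;  /* lookup by absolute path */
    unlink(full); rmdir(dir); free(full);
    return result;
}
```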