Bug 3361 - document that SessionType none prevents e.g. execution of authorized_keys’ command=
Summary: document that SessionType none prevents e.g. execution of authorized_keys’ co...
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 8.7p1
Hardware: Other All
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-07 03:25 AEDT by Christoph Anton Mitterer
Modified: 2021-11-10 10:09 AEDT (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christoph Anton Mitterer 2021-11-07 03:25:46 AEDT
Hey.

It seems that when "SessionType none" one does not only get no interactive login (as the novice user might assume), but also any commands specified for execution on the remote side, like authorized_keys’ command= feature aren't invoked.

Perhaps it's worth to mention that briefly in the manpage.

Cheers,
Chris.
Comment 1 Damien Miller 2021-11-10 10:04:22 AEDT
This is the current description in the manpage:

> SessionType
>     May be used to either request invocation of a subsystem on the
>     remote system, or to prevent the execution of a remote command at
>     all.  The latter is useful for just forwarding ports.  The argu‐
>     ment to this keyword must be *none* (same as the -N option),
>     *subsystem* (same as the -s option) or *default* (shell or command
>     execution).

IMO this is pretty clear already - the first sentence mentions the behaviour of blocking all shell/command execution and the third describes which does which.
Comment 2 Christoph Anton Mitterer 2021-11-10 10:09:52 AEDT
Well, but you're a core OpenSSH developer, knowing the code at it's heart ;-)

For an admin/end-user it may easily be not that obvious, given that the command is already specified on the server (and not via the client) and especially given that the connecting client has no choice in overriding that command.

Anyway, was just a suggestion.

Feel free to close if you think it's not necessary.

Cheers,
Chris.