openssh-unix-dev August 2011 archive
Main Archive Page > Month Archives  > openssh-unix-dev archives
openssh-unix-dev: Re: sshd’s ForceCommand and ssh’s "

Re: sshd’s ForceCommand and ssh’s "–N Do not execute a remote command"

From: Damien Miller <djm_at_nospam>
Date: Mon Aug 01 2011 - 18:22:21 GMT
To: Oleg Verych <olecom@gmail.com>

No, our sshd can't refuse -N. Such a thing is hackish to implement (how
do you distinguish between a client that doesn't open a cmd/shell channel
from one that is merely slow in doing so? what about multiplexing?) and
mostly nonsensical too.

On Mon, 1 Aug 2011, Oleg Verych wrote:

> Hi,
>
> 2011/7/29 Oleg Verych <olecom@gmail.com>:
>
> > If `sshd` is configured to have a ForceCommand, no `ssh ?N` must skip
> > this *forced* server?s setup, isn?t it?
> >
> > But it isn?t so. Thus, admin may think that the command is forced by a server,
> > but user can skip that.
> >
> > In such case only port forwarding is available, but anyway *force* is
> > meaningless, IMHO.
>
> there is more info about this, in case you don't know:
> ***
> Can server disallow -N option?
> http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ea54d720ca056c99/11a67bc5f2eac619
> ***
> ________
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev