[plug] Novel way to port forward over ssh
Craig Ringer
craig at postnewspapers.com.au
Mon Jan 3 23:59:54 WST 2005
On Mon, 2005-01-03 at 22:20 +0800, Bernard Blackham wrote:
> On Mon, Jan 03, 2005 at 05:56:34PM +0400, Brad Campbell wrote:
> > Of course I have a passwordless ssh key setup to my ISP account. (All
> > machines set up like this are behind a NAT firewall with no holes so I'm
> > not really that concerned about the security or lack thereof, of this setup)
>
> And if you were paranoid, you could utilize the command= option on
> ssh keys to *only* allow certain commands.
> (http://dagobah.ucc.asn.au/things/secure-backups.html for more
> info... :)
I've actually run into a really weird problem with doing that.
Bizarrely, ssh is doing LF->CRLF conversion on the output stream when
sending data from a command that was run using 'command=' in
authorized_keys. If the command is run as the normal command argument on
ssh rather than forced in authorized_keys, the line ending conversion is
not done.
The server is running Debian Woody, so I'll be upgrading sshd soon to
see if that fixes it.
I've found other reports of some of the symptoms of this (such as
corrupt gzip data) but no reports of it being identified as line ending
conversion. Nonetheless, I've been able to confirm that's what's
happening ... mighty strange.
--
Craig Ringer
More information about the plug
mailing list