[Bug 3503] New: OpenSSH tries executing banner as command
https://bugzilla.mindrot.org/show_bug.cgi?id=3503

Bug ID: 3503
Summary: OpenSSH tries executing banner as command
Product: Portable OpenSSH
Version: 8.8p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs@mindrot.org
Reporter: mateusz.gierblinski@gmail.com

Created attachment 3626
--> https://bugzilla.mindrot.org/attachment.cgi?id=3626&action=edit
Proof of Concept

Hi there,

On a default Fedora 37 installation I found an interesting issue. In my
home directory I have the following config:

Host redhat
HostName 192.16.122.253
User mto
#Identityfile /home/mto/.ssh/id_ed25519
ProxyCommand ssh -T -i /home/mto/.ssh/id_ed25519 mto@192.168.122.253

When I try to connect, I receive the following message:

-bash: line 1: $'SSH-2.0-OpenSSH_8.8\r': command not found

As you can see, OpenSSH tries to execute the banner version as a command.
Based on StackOverflow (link:
https://unix.stackexchange.com/questions/269024/change-ssh-banner-which-is-grabbed-by-netcat)
we can modify the banner, and it has to be exactly 11 characters long,
otherwise the binary gets corrupted.

Please refer to the provided screenshot for proof.

Thanks,
Mateusz
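
Added example, not part of the original report or of OpenSSH's code: it reproduces the quoted error locally by writing the client's identification line to a shell's stdin, which is where the reported ProxyCommand (ssh -T with no remote command) delivers it, and it flags ProxyCommand lines that run ssh without -W stdio forwarding. The redhat-fwd entry, the function names and the heuristic itself are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added illustration; not from the bug report or the OpenSSH project.

# Identification line as it appears in the report's error message.
BANNER='SSH-2.0-OpenSSH_8.8'

# Mimic the remote end of the reported ProxyCommand: a shell whose stdin
# receives the first bytes the outer ssh client writes (its banner + CRLF).
feed_banner_to_shell() {
    printf '%s\r\n' "$BANNER" | LC_ALL=C bash --norc --noprofile 2>&1 || true
}

# Constructed sample: the report's Host block plus a hypothetical variant
# that uses -W %h:%p so the proxy hop forwards stdio instead of running a shell.
sample_config() {
cat <<'EOF'
Host redhat
    HostName 192.16.122.253
    User mto
    ProxyCommand ssh -T -i /home/mto/.ssh/id_ed25519 mto@192.168.122.253
Host redhat-fwd
    HostName 192.16.122.253
    User mto
    ProxyCommand ssh -W %h:%p -i /home/mto/.ssh/id_ed25519 mto@192.168.122.253
EOF
}

# Heuristic check (assumption, review hits manually): print ProxyCommand
# lines that invoke ssh without -W. A line that runs a relay command on the
# hop (for example nc) is also printed and needs a human decision.
risky_proxycommands() {
    awk 'tolower($1) == "proxycommand" && $2 ~ /(^|\/)ssh$/ {
             for (i = 3; i <= NF; i++) if ($i == "-W") next
             print NR ": " $0
         }' "$@"
}

# Stand-alone run: show the shell's reaction, then the flagged config line.
feed_banner_to_shell
sample_config | risky_proxycommands
```

The first call prints a "command not found" error for the banner string, matching the message in the report; the second prints only line 4 of the sample.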

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs