In upgrading from ssh-1.1.25 to openssh-2.1.1p1, I've come
across a pair of incompatibilities not mentioned in the UPGRADING
list. The first involves the authorized_keys file:
n. No un-quoted spaces are permitted in the options field of the
authorized_keys file.
While this was documented as a restriction in F-Secure SSH, in
practice this was not enforced. OpenSSH does enforce this
restriction.
The second involves both the sshd_config and authorized_keys
files. I encountered it with the authorized_keys file (as it made a
key unusable), and I haven't tested how the OpenSSH sshd reacts to
having the unavailable flags in sshd_config:
m. Options unavailable in sshd_options and authorized_keys.
The AccountExpireWarningDays, AllowForwardingPort, AllowForwardingTo,
AllowHosts, AllowSHosts, AllowTcpForwarding, DenyForwardingPort,
DenyForwardingTo, DenyHosts, DenySHosts, DenyTcpForwarding,
ForcedEmptyPasswdChange, ForcedPasswdChange, IdleTimeout,
IgnoreRootRhosts, PasswordExpireWarningDays, SilentDeny,
TISAuthentication, and Umask options are not available in sshd_options.
Similarly, the allowforwardingport, allowforwardingto,
denyforwardingport, and denyforwardingto options are not available in
authorized_keys.
--
#include <disclaimer.h> /* Sten Drescher */
"This is the *NIX version of the 'ILOVEYOU' worm. It runs on the honor
system. Forward this to everyone in your address book, and randomly delete
some of your files." - Unknown
across a pair of incompatibilities not mentioned in the UPGRADING
list. The first involves the authorized_keys file:
n. No un-quoted spaces are permitted in the options field of the
authorized_keys file.
While this was documented as a restriction in F-Secure SSH, in
practice this was not enforced. OpenSSH does enforce this
restriction.
The second involves both the sshd_config and authorized_keys
files. I encountered it with the authorized_keys file (as it made a
key unusable), and I haven't tested how the OpenSSH sshd reacts to
having the unavailable flags in sshd_config:
m. Options unavailable in sshd_options and authorized_keys.
The AccountExpireWarningDays, AllowForwardingPort, AllowForwardingTo,
AllowHosts, AllowSHosts, AllowTcpForwarding, DenyForwardingPort,
DenyForwardingTo, DenyHosts, DenySHosts, DenyTcpForwarding,
ForcedEmptyPasswdChange, ForcedPasswdChange, IdleTimeout,
IgnoreRootRhosts, PasswordExpireWarningDays, SilentDeny,
TISAuthentication, and Umask options are not available in sshd_options.
Similarly, the allowforwardingport, allowforwardingto,
denyforwardingport, and denyforwardingto options are not available in
authorized_keys.
--
#include <disclaimer.h> /* Sten Drescher */
"This is the *NIX version of the 'ILOVEYOU' worm. It runs on the honor
system. Forward this to everyone in your address book, and randomly delete
some of your files." - Unknown