Date: Mon, 10 Nov 2008 00:09:54 +0200 From: Manolis Kiagias <sonic2000gr@gmail.com> To: Christopher Key <cjk32@cam.ac.uk> Cc: freebsd-questions@freebsd.org Subject: Re: Hashes in scp usernames (OpenSSH bug 472) Message-ID: <49175FB2.3020307@gmail.com> In-Reply-To: <49175736.7060800@cam.ac.uk> References: <49175736.7060800@cam.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Key wrote: > Hello, > > I've come upon OpenSSH bug 472, whereby scp refuses usernames > containing a '#' character, dieing with 'invalid user name'. Both > rsync and ssh accept such usernames, and after looking at > /usr/src/crypto/openssh/scp.c, it would appear that scp also allows > such usernames for the source, but not the destination. > > I've several questions: > > 1) Is there any specific reason why scp behaves like this, and > specifically why does it only attempt to validate the destination user > name and not the source? > > 2) Assuming it is safe to drop the username validation, I can quite > happily modify the code as appropriate. However, I'm not sure how to > rebuild and update with minimum fuss. I really only need to rebuild > scp and install the new binary, can I do this easily without a full > make buildworld; make installworld? > > 3) Assuming that there's no additional reason not to remove the > username validation, how should I go about submitting a change request > to get this modification made in CURRENT, and MFCed as appropriate? > > Kind Regards, > > Chris Key > > I don't know whether any of this is a good idea (there might be a very good reason why it is programmed this way, generally stuff in 'secure' is rather sensitive), but to answer your second question, you would simply do: # cd /usr/src/secure/usr.bin/scp # make # make install Since OpenSSH comes from OpenBSD, it may be worth trying asking someone over there too.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49175FB2.3020307>