Debian Bug report logs - #159762
ssh: Sshd should always run a login shell.

version graph

Package: ssh; Maintainer for ssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for ssh is src:openssh.

Reported by: "Norbert Veber" <nveber@pyre.virge.net>

Date: Thu, 5 Sep 2002 18:33:02 UTC

Severity: important

Found in version 1:3.4p1-2

Done: Matthew Vernon <matthew@sel.cam.ac.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#159762; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to "Norbert Veber" <nveber@pyre.virge.net>:
New Bug report received and forwarded. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Norbert Veber" <nveber@pyre.virge.net>
To: "Debian Bug Tracking System" <submit@bugs.debian.org>
Subject: ssh: Sshd should always run a login shell.
Date: Thu, 05 Sep 2002 14:18:40 -0400
Package: ssh
Version: 1:3.4p1-2
Severity: important

Currently, when logging in to a machine 'regularly', sshd will start an
interactive login shell.  However, when using ssh to run a remote
cammand, it runs a non-interactive, non-login shell.

This is wrong, as every login or session (which is what ssh provides)
needs to start with a login shell.  Once the login shell has configured
the environment, subsequent non-login shells can be spawned, and they
will inherit the environment.  Therefore, when executing commands,
a non-ineractive, login shell should be run.  Infact, ssh should
never start non-login shells no matter what its doing (running a
command, sftp, etc).

Some shells, like bash have even tried to work around this ssh bug, see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=88032&repeatmerged=yes
and
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=159754&repeatmerged=yes

Even ssh has tried to work around its own brokennes, by allowing users
to create a ~/.ssh/environment file.  Ssh has no business setting my
environment, it should be done by my ~/.bash_profile or whatever file my
shell uses.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux pyre.virge.net 2.4.19 #1 Mon Aug 12 22:50:45 EDT 2002 i686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8

Versions of packages ssh depends on:
ii  adduser                     3.48         Add and remove users and groups
ii  debconf                     1.1.28       Debian configuration management sy
ii  libc6                       2.2.5-14     GNU C Library: Shared libraries an
ii  libpam-modules              0.72-35      Pluggable Authentication Modules f
ii  libpam0g                    0.72-35      Pluggable Authentication Modules l
ii  libssl0.9.6                 0.9.6g-2     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-2 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.1.4-3    compression library - runtime

-- debconf information:
  ssh/insecure_rshd: 
  ssh/privsep_ask: true
* ssh/forward_warning: 
  ssh/insecure_telnetd: 
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/rootlogin_warning: 
* ssh/upgrade_to_openssh: true
* ssh/SUID_client: true
* ssh/protocol2_default: 
* ssh/privsep_tell: 
* ssh/ssh2_keys_merged: 
  ssh/ancient_version: 
  ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true




Reply sent to Matthew Vernon <matthew@sel.cam.ac.uk>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Norbert Veber" <nveber@pyre.virge.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 159762-done@bugs.debian.org (full text, mbox):

From: Matthew Vernon <matthew@sel.cam.ac.uk>
To: "Norbert Veber" <nveber@pyre.virge.net>, 159762-done@bugs.debian.org
Subject: Bug#159762: ssh: Sshd should always run a login shell.
Date: Fri, 6 Sep 2002 01:05:27 +0100
 > Currently, when logging in to a machine 'regularly', sshd will start an
 > interactive login shell.  However, when using ssh to run a remote
 > cammand, it runs a non-interactive, non-login shell.
 
Consider the -t and -T options. And considering whether xterm has this
bug as well.

Matthew 

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org



Message #11 received at 159762-done@bugs.debian.org (full text, mbox):

From: Norbert Veber <nveber@debian.org>
To: Matthew Vernon <matthew@sel.cam.ac.uk>
Cc: 159762-done@bugs.debian.org
Subject: Re: Bug#159762: ssh: Sshd should always run a login shell.
Date: Thu, 5 Sep 2002 21:09:09 -0400
[Message part 1 (text/plain, inline)]
On Fri, Sep 06, 2002 at 01:05:27AM +0100, Matthew Vernon wrote:
> 
>  > Currently, when logging in to a machine 'regularly', sshd will start an
>  > interactive login shell.  However, when using ssh to run a remote
>  > cammand, it runs a non-interactive, non-login shell.
>  
> Consider the -t and -T options. And considering whether xterm has this
> bug as well.

I dont see what the -t and -T options have to do with this?  I was
asking for a non-interactive login shell, which doesnt require a
terminal, since its not interactive.

As far as xterm goes, it doesnt provide a login session.  Xterms are
usually started by your window manager after you have logged in, and
will inherit the environment from the login session.  Of course xterms
can provide a login session with the -ls option.

In any event, I dont see what your justification for closing the bug is.
You have actually acknowledged that it is a bug, but closed it none the
less?  Can we at least find out why upstream chose to do it this way?

Thanks,

Norbert
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#159762; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Norbert Veber <nveber@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. Full text and rfc822 format available.

Message #16 received at 159762@bugs.debian.org (full text, mbox):

From: Norbert Veber <nveber@debian.org>
To: Matthew Vernon <matthew@sel.cam.ac.uk>
Cc: 159762@bugs.debian.org
Subject: Re: Bug#159762: ssh: Sshd should always run a login shell.
Date: Fri, 6 Sep 2002 10:46:01 -0400
[Message part 1 (text/plain, inline)]
I forgot to mention that this bug report was prompted by a discussion on
-devel.  Here is a link to a message with a good explanation of why this
is a problem:
http://lists.debian.org/debian-devel/2002/debian-devel-200209/msg00381.html
[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 22:13:07 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.