Source: dput
Version: 1.1.0
Severity: important
X-Debbugs-Cc: raph...@freexian.com

This is the equivalent of #1011063 for dput instead of dput-ng.

When you run dput with openssh >= 9, and when dput is configured to use
"scp", "scp" will rely on the sftp protocol to do its job (unless you
pass the -O command line parameter).

When the server side has configured a forced command to restrict scp to a
specific directory (which is a good practice given scp's deficiencies),
then scp will badly fail.

Here's an example script that is configured with a ForceCommand associated
to the SSH key used for upload:
----
#!/bin/sh

case "$SSH_ORIGINAL_COMMAND" in
        scp\ *)
                exec scp -p -d -t /srv/deb.freexian.com/extended-lts/incoming
                ;;
        chmod\ *)
                find /srv/deb.freexian.com/extended-lts/incoming -user $(whoami) -type f | xargs --no-run-if-empty chmod 0644
                exit 0
                ;;
        *)
                echo "ERROR: Forbidden command: $SSH_ORIGINAL_COMMAND"
                echo "This SSH access can only be used to upload Debian packages."
                exit 1
                ;;
esac
----

A recent scp will call /usr/lib/sftp-server as the remote command and the
case will match the third case and the sftp protocol will be confused by
the answer.

There's no good way to tweak that script to force sftp-server to be
restricted to a specific directory.

So either you switch to always "sftp" and do some other setup to restrict
sftp (with the Chroot directive), or you switch to "always plain scp"
by passing -O when you call scp.

Thus I'm suggesting that dput starts passing -O to scp when it detects a
recent OpenSSH. Or at least that it offers a way to pass command line
options to scp.

AFAIK ssh_config_options does not work for this. It's not an option that
can be passed to "-o" and it's really specific to scp and not to ssh
(which also gets called for the chmod IIRC).

Note that my "proper" fix to this regression has been to force usage of
sftp and to restrict sftp-server to a chroot, but dput has no support of
sftp so I had to switch to dput-ng. It would certainly make sense for
dput to gain an sftp method!

Cheers,

-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
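
An added illustration, not part of the original report and not dput's code: a dry-run model of the wrapper's case dispatch and of the client-side version check the report proposes. The function names, sample commands and version banners are constructed for this example.

```shell
#!/bin/sh
# Added example: dry-run model, nothing is executed on a server.

# Same patterns as the wrapper in the report; prints the branch taken
# for a given SSH_ORIGINAL_COMMAND instead of running anything.
classify_forced_command() {
    case "$1" in
        scp\ *)   echo "scp-sink" ;;
        chmod\ *) echo "chmod-fixup" ;;
        *)        echo "forbidden" ;;
    esac
}

# Print the major version from an `ssh -V` banner (obtain one with
# `ssh -V 2>&1`); prints nothing when the banner is not recognised.
openssh_major() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\..*/\1/p'
}

# Print "-O" when the client is OpenSSH >= 9 (threshold taken from the
# report), nothing otherwise.
scp_protocol_flag() {
    major=$(openssh_major "$1")
    if [ -n "$major" ] && [ "$major" -ge 9 ]; then
        echo "-O"
    fi
}

# Constructed sample inputs: remote commands a client might request.
for cmd in "scp -p -d -t incoming" "chmod 0644 incoming/x.changes" \
           "/usr/lib/sftp-server"; do
    printf '%-32s -> %s\n' "$cmd" "$(classify_forced_command "$cmd")"
done

# Constructed sample banners.
for banner in "OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1n" \
              "OpenSSH_9.0p1 Debian-1, OpenSSL 3.0.3"; do
    printf '%-40s -> scp %s\n' "$banner" "$(scp_protocol_flag "$banner")"
done
```

The sftp-server request lands in the `forbidden` branch, whose text on stdout is what the client then tries to parse as SFTP.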
