Using ProxyCommand w/a non-existent host results in infinite spawns.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssh (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Version: OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
Package: openssh-client
Today we discovered a possible bug in the OpenSSH-Client package (openssh) that happens when you enable ProxyCommand with a non-existent hostname. This bug is easily replicated with the default example in /etc/ssh/
I have flagged this as a security bug (but ultimately it's up to y'all if it is) because any user can do this and take down any server quite easily by adding a bad ProxyCommand to their ~/.ssh/config. I was able to take out one of my personal servers (which happens to be a pretty big server) within a few minutes.
summary:
- Using ProxyCommand with a non-existent URL results in infinite spawns.
+ Using ProxyCommand with a non-existent host results in infinite spawns.
summary:
- Using ProxyCommand with a non-existent host results in infinite spawns.
+ Using ProxyCommand w/a non-existent host results in infinite spawns.
Changed in openssh (Ubuntu):
status: Invalid → New
status: New → Invalid
Hi Jordon
Thanks for taking the time to report this bug in Ubuntu.
By just uncommenting that one line you will create a proxy loop - the gateway.example.com needs to be set up with a "ProxyCommand None" entry as well. So it's nothing to do with a non-existent host - it's just a misconfiguration IMHO.
I was not able to take down a 12.04 server - I quickly got an out-of-memory error and the ssh command terminated.
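The proxy loop described in the reply above can be checked for before a config is deployed. The following is an added example, not code from the bug report or from OpenSSH: a small ssh_config linter that follows ProxyCommand hops and reports a chain that revisits a host. The ProxyCommand line and the host names are constructed samples. It also shows that the exemption only helps when it appears before `Host *`, because ssh uses the first value it obtains for each option.

```python
import fnmatch, re, shlex
OPTS_WITH_ARG = set("bcDEeFIiJLlmOopQRSWw")  # ssh options taking a separate argument (subset)

def parse_blocks(text):
    """Return [(host_patterns, ProxyCommand value)] in file order."""
    blocks, patterns = [], ["*"]  # lines before any Host apply to every host
    rx = r"^[ \t]*(\w+)(?:[ \t]*=[ \t]*|[ \t]+)(.+?)[ \t]*$"
    for key, value in re.findall(rx, text, re.M):
        if key.lower() == "host":
            patterns = value.split()
        elif key.lower() == "proxycommand":
            blocks.append((patterns, value))
    return blocks

def effective_proxy(blocks, host):
    """First matching Host block wins, as in ssh_config ('!' negation not handled)."""
    for patterns, cmd in blocks:
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            return None if cmd.lower() == "none" else cmd
    return None

def jump_host(cmd):
    """Destination host when the ProxyCommand itself runs ssh, else None."""
    argv = shlex.split(cmd)
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return None
    args = iter(argv[1:])
    for tok in args:
        if not tok.startswith("-"):
            return tok.rsplit("@", 1)[-1]
        if len(tok) == 2 and tok[1] in OPTS_WITH_ARG:
            next(args, None)  # skip the option's argument
    return None

def find_loop(text, host):
    """Follow ProxyCommand hops from host; return the chain once a hop repeats, else None."""
    blocks, chain = parse_blocks(text), [host]
    while True:
        cmd = effective_proxy(blocks, chain[-1])
        nxt = jump_host(cmd) if cmd else None
        if nxt is None or nxt in chain:
            return chain + [nxt] if nxt else None
        chain.append(nxt)

# Constructed sample configs (not taken from the bug report)
LOOPING = "Host *\n  ProxyCommand ssh -q -W %h:%p gateway.example.com\n"
GATEWAY = "Host gateway.example.com\n  ProxyCommand none\n"
FIXED = GATEWAY + LOOPING       # exemption listed first, so it wins for the gateway
MISORDERED = LOOPING + GATEWAY  # "Host *" matches the gateway first: still loops
```

`find_loop(LOOPING, "server.example.com")` returns the repeating chain, while the same call on `FIXED` returns `None`.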