The gist that shall not be spoken of.
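# Builds a patched OpenSSH 6.7p1 sshd on top of a local "stage3" base image and
# runs it in the foreground.
#
# Review notes:
# - The source tarball and the patch are taken from the build context and are
#   compiled without being checked against a known digest or signature.
# - OpenSSH 6.7p1 is a 2014 release; treat the resulting image as lab-only.
# - `make install` normally generates host keys when none exist, so the private
#   host keys would be stored in an image layer and shared by every container
#   started from this image (confirm; generate them at container start if the
#   host identity matters).
# - The sshd_config copied below makes sshd run /sbin/go as root for every
#   public-key authentication attempt.
FROM stage3

# ADD rather than COPY: the local tarball is unpacked into /build, which is
# what creates /build/openssh-6.7p1 for the WORKDIR below.
RUN mkdir /build
ADD openssh-6.7p1.tar.gz /build
COPY patch /build/patch

WORKDIR /build/openssh-6.7p1
# -l lets patch ignore whitespace differences when matching context lines.
RUN patch -p1 -l <../patch
RUN ./configure && make && make install

# AuthorizedKeysCommand helper: read/execute for its owner only.
COPY go /sbin/
RUN chmod 500 /sbin/go
COPY sshd_config /usr/local/etc/
RUN touch /var/log/lastlog

# Exec form, so sshd itself is PID 1 and receives the container's stop signal
# instead of sitting behind an intermediate `sh -c`.
CMD ["/usr/local/sbin/sshd", "-D"]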
#!/bin/bash
# AuthorizedKeysCommand helper, installed as /sbin/go by the Dockerfile.
#
# Saves the first line read from stdin to /log, then prints that file on stdout.
#
# Security note: with the sshd patch in this gist, stdin carries the public key
# the connecting client offered, and sshd reads this script's stdout as
# authorized_keys lines. The offered key is therefore echoed straight back as an
# allowed key, so no real key check takes place. Only appropriate on an isolated
# test host, never on a system that has to authenticate its users.
#
# /log is one fixed path that is truncated on every run, so it holds only the
# most recent key and is shared by concurrent authentication attempts.
key_log=/log

head -n 1 >"$key_log"
cat "$key_log"
diff --git a/auth2-pubkey.c b/auth2-pubkey.c | |
index 0fd27bb..aa1864b 100644 | |
--- a/auth2-pubkey.c | |
+++ b/auth2-pubkey.c | |
@@ -507,9 +507,10 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) | |
int ok, found_key = 0; | |
struct passwd *pw; | |
struct stat st; | |
- int status, devnull, p[2], i; | |
+ int status, devnull, p[2], sp[2], i; | |
pid_t pid; | |
char *username, errmsg[512]; | |
+ FILE *writeKey; | |
if (options.authorized_keys_command == NULL || | |
options.authorized_keys_command[0] != '/') | |
@@ -544,7 +545,7 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) | |
goto out; | |
} | |
- if (pipe(p) != 0) { | |
+ if (pipe(p) != 0 || pipe(sp) != 0) { | |
error("%s: pipe: %s", __func__, strerror(errno)); | |
goto out; | |
} | |
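Review bot: When `pipe(p)` succeeds and `pipe(sp)` then fails, the combined test `if (pipe(p) != 0 || pipe(sp) != 0)` jumps to `out` with both ends of `p` still open. Nothing visible in this hunk closes them, and the `out` label lies outside it, so this looks like a descriptor leak on a path an unauthenticated peer can trigger repeatedly. Creating the pipes in two steps lets the second failure undo the first, for example `if (pipe(sp) != 0) { error("%s: pipe: %s", __func__, strerror(errno)); close(p[0]); close(p[1]); goto out; }` after the original `pipe(p)` check.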
@@ -563,18 +564,16 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) | |
error("%s: fork: %s", __func__, strerror(errno)); | |
close(p[0]); | |
close(p[1]); | |
+ close(sp[0]); | |
+ close(sp[1]); | |
return 0; | |
case 0: /* child */ | |
for (i = 0; i < NSIG; i++) | |
signal(i, SIG_DFL); | |
- if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { | |
- error("%s: open %s: %s", __func__, _PATH_DEVNULL, | |
- strerror(errno)); | |
- _exit(1); | |
- } | |
/* Keep stderr around a while longer to catch errors */ | |
- if (dup2(devnull, STDIN_FILENO) == -1 || | |
+ close(sp[1]); | |
+ if (dup2(sp[0],STDIN_FILENO) == -1 || | |
dup2(p[1], STDOUT_FILENO) == -1) { | |
error("%s: dup2: %s", __func__, strerror(errno)); | |
_exit(1); | |
@@ -593,7 +592,12 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) | |
_exit(1); | |
} | |
/* stdin is pointed to /dev/null at this point */ | |
- if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) { | |
+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { | |
+ error("%s: open %s: %s", __func__, _PATH_DEVNULL, | |
+ strerror(errno)); | |
+ _exit(1); | |
+ } | |
+ if (dup2(devnull, STDERR_FILENO) == -1) { | |
error("%s: dup2: %s", __func__, strerror(errno)); | |
_exit(1); | |
} | |
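Review bot: The context comment `/* stdin is pointed to /dev/null at this point */` is no longer true after this change, because stdin is now the read end of `sp` and /dev/null is opened here only for stderr. I would replace it with `/* stdin is the key pipe; point stderr at /dev/null */`. The hunk also shows no `close(devnull)` after the `dup2`, so unless the lines outside the hunk close it, the spare descriptor is inherited by the AuthorizedKeysCommand; `if (devnull > STDERR_FILENO) close(devnull);` directly after the `dup2` check would avoid that.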
@@ -605,6 +609,10 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) | |
options.authorized_keys_command, strerror(errno)); | |
_exit(127); | |
default: /* parent */ | |
+ close(sp[0]); | |
+ writeKey = fdopen(sp[1], "w"); | |
+ key_write(key,writeKey); | |
+ fclose(writeKey); | |
break; | |
} | |
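Review bot: The result of `fdopen(sp[1], "w")` in the parent branch is used unchecked, so a failure passes NULL to `key_write` and `fclose` and leaves `sp[1]` open. The results of `key_write` and `fclose` are dropped too, which means a short or failed write hands the helper a truncated key with no log entry. I would check all three and close `sp[1]` on the fdopen failure path so the child still sees EOF on stdin; `key_write` should return 1 on success in this tree, but confirm against key.c. Separately, the data written here is the key an unauthenticated client offered, so whatever command reads it (run as root in the accompanying sshd_config) has to treat its stdin as untrusted input. The function body continues outside the hunk.

```c
	default: /* parent */
		close(sp[0]);
		if ((writeKey = fdopen(sp[1], "w")) == NULL) {
			error("%s: fdopen: %s", __func__, strerror(errno));
			close(sp[1]);	/* child still gets EOF on stdin */
		} else {
			if (key_write(key, writeKey) != 1)
				error("%s: key_write failed", __func__);
			if (fclose(writeKey) != 0)
				error("%s: fclose: %s", __func__,
				    strerror(errno));
		}
		break;
```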
# sshd_config for the patched sshd built by the Dockerfile in this gist.

# Default for new installations.
UsePrivilegeSeparation sandbox

# Public-key lookup. Besides the per-user file, sshd runs /sbin/go for each
# public-key attempt and reads its output as authorized_keys lines.
# Security note: the helper runs as root here. sshd_config(5) recommends a
# dedicated user with no other role on the host, and the helper in this gist
# echoes back whatever key it is given, so this setup performs no real key
# check -- keep it on an isolated test host.
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysCommand /sbin/go
AuthorizedKeysCommandUser root

Subsystem sftp /usr/local/libexec/sftp-server