This removes the environment variable parsing code from the SSH server,
which never worked in the first place. Since environment variable
passing doesn't appear to be necessary for the built-in SSH server to
work properly, it's removed to reduce attack surface rather than fixing
it.
The current code processes (untrusted) input in a buggy manner and
passes it to a process invocation which doesn't actually do anything. I
don't *think* this is an exploitable vulnerability but I haven't looked
at it in detail, and it wouldn't really surprise me if it was.
Closes#1935, an alternative proposal which which partially fixes the
environment variable handling but ultimately still leaves it broken.
Signed-off-by: Hugo Landau <hlandau@devever.net>
* Configurable SSH cipher suite
* Update configuration file comment
* Add default in settings loading code
* Fix fmt and log messsage
* Remove default from code as this could probably might not be good idea
This change corrects a few logging issues:
* Standardized formatting errors with '%v'.
* Standardized failure warning word usage.
* Corrected an instance of using the standard log library when
the gitea log library should be used instead.
When use builtin SSH server with concurrent operations, there are probabilities
One connection could use the command from another connections.
Fix this by set SSH_ORIGINAL_COMMAND for each command, not set in global scope.
According to the docs [1], the Reply method must be called for all
requests where WantReply is true. This fixes a hanging java ssh
implementation (jsch) which sets WantReply flag and waits for reply from
the server.
[1] https://godoc.org/golang.org/x/crypto/ssh#Request.Reply
