OpenSSH: spaces in user name - SSH

This is a discussion on OpenSSH: spaces in user name - SSH ; I thought I remembered reading somewhere that one of the recent patches to OpenSSH disabled the ability to connect with a user name that contains spaces. Am I remembering correctly? Anyone know anything about this? Also does it affect users ...

+ Reply to Thread
Results 1 to 19 of 19

Thread: OpenSSH: spaces in user name

  1. OpenSSH: spaces in user name

    I thought I remembered reading somewhere that one of the recent patches
    to OpenSSH disabled the ability to connect with a user name that
    contains spaces. Am I remembering correctly? Anyone know anything about
    this? Also does it affect users authenticated with a public key?
    --
    To reply by email remove "_nospam"

  2. Re: OpenSSH: spaces in user name

    On 2006-03-14, Chuck wrote:
    > I thought I remembered reading somewhere that one of the recent patches
    > to OpenSSH disabled the ability to connect with a user name that
    > contains spaces. Am I remembering correctly?


    Not exactly. The problem was spaces in usernames passed to scp:
    http://bugzilla.mindrot.org/show_bug.cgi?id=1164

    'ssh "foo bar@somehost"' still works, and in the next version the User
    directive in the config file (and any other directive for that matter)
    can also have spaces if it's surrounded by double-quotes:
    http://bugzilla.mindrot.org/show_bug.cgi?id=482

    > Also does it affect users authenticated with a public key?


    Yes. Username handling in the client is is independant of the auth type.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  3. Re: OpenSSH: spaces in user name

    Darren Tucker wrote:
    > On 2006-03-14, Chuck wrote:
    >> I thought I remembered reading somewhere that one of the recent patches
    >> to OpenSSH disabled the ability to connect with a user name that
    >> contains spaces. Am I remembering correctly?

    >
    > Not exactly. The problem was spaces in usernames passed to scp:
    > http://bugzilla.mindrot.org/show_bug.cgi?id=1164
    >
    > 'ssh "foo bar@somehost"' still works, and in the next version the User
    > directive in the config file (and any other directive for that matter)
    > can also have spaces if it's surrounded by double-quotes:
    > http://bugzilla.mindrot.org/show_bug.cgi?id=482
    >
    >> Also does it affect users authenticated with a public key?

    >
    > Yes. Username handling in the client is is independant of the auth type.
    >


    Is the problem in the client or server? If it's in the client I have
    nothing to worry about. I'm using Putty for tunnels, and winscp3 for
    sftp. I don't use scp at all. Not with the username that includes spaces
    anyway.

  4. Re: OpenSSH: spaces in user name

    In comp.security.ssh Chuck :
    > Darren Tucker wrote:
    >> On 2006-03-14, Chuck wrote:
    >>> I thought I remembered reading somewhere that one of the recent patches
    >>> to OpenSSH disabled the ability to connect with a user name that
    >>> contains spaces. Am I remembering correctly?

    >>
    >> Not exactly. The problem was spaces in usernames passed to scp:
    >> http://bugzilla.mindrot.org/show_bug.cgi?id=1164
    >>
    >> 'ssh "foo bar@somehost"' still works, and in the next version the User
    >> directive in the config file (and any other directive for that matter)
    >> can also have spaces if it's surrounded by double-quotes:
    >> http://bugzilla.mindrot.org/show_bug.cgi?id=482
    >>
    >>> Also does it affect users authenticated with a public key?

    >>
    >> Yes. Username handling in the client is is independant of the auth type.
    >>


    > Is the problem in the client or server? If it's in the client I have
    > nothing to worry about. I'm using Putty for tunnels, and winscp3 for
    > sftp. I don't use scp at all. Not with the username that includes spaces
    > anyway.


    Shrug, spaces in username are one of the worst things I could
    think of for a username, could well be a M$ "invention"?

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 351: PEBKAC (Problem Exists Between Keyboard
    And Chair)

  5. Re: OpenSSH: spaces in user name

    Michael Heiming wrote:

    >
    > Shrug, spaces in username are one of the worst things I could
    > think of for a username, could well be a M$ "invention"?
    >


    It is.

  6. Re: OpenSSH: spaces in user name


    "Chuck" wrote in message
    news:PpGRf.16809$wH5.4757@trnddc02...
    > Michael Heiming wrote:
    >
    >>
    >> Shrug, spaces in username are one of the worst things I could
    >> think of for a username, could well be a M$ "invention"?
    >>

    >
    > It is.


    It's tied to the "let the user name use anything they want, and even
    encourage the use of their real names" approach to the world.



  7. Re: OpenSSH: spaces in user name

    On 2006-03-14, Chuck wrote:
    > Is the problem in the client or server?


    scp client only. Nothing (that I know of) has changed on the server side
    recently that would affect its behaviour in this case.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  8. Re: OpenSSH: spaces in user name

    On 2006-03-14, Chuck wrote:
    > Michael Heiming wrote:
    >
    >> Shrug, spaces in username are one of the worst things I could
    >> think of for a username, could well be a M$ "invention"?


    Copied by Apple too, apparently.

    > It is.


    No argument here. Spaces in file and directory names too.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  9. Re: OpenSSH: spaces in user name

    "Nico Kadel-Garcia" writes:


    >"Chuck" wrote in message
    >news:PpGRf.16809$wH5.4757@trnddc02...
    >> Michael Heiming wrote:
    >>
    >>>
    >>> Shrug, spaces in username are one of the worst things I could
    >>> think of for a username, could well be a M$ "invention"?
    >>>

    >>
    >> It is.


    >It's tied to the "let the user name use anything they want, and even
    >encourage the use of their real names" approach to the world.


    So why can't I put carriage returns and backspaces and single quotes and
    double quotes into my name. Seesh, the unwarranted arrogant abridgement of
    my freedom to do anything I want! -




  10. Re: OpenSSH: spaces in user name

    >>>>> "Unruh" == Unruh writes:

    Unruh> "Nico Kadel-Garcia" writes:
    >> "Chuck" wrote in message
    >> news:PpGRf.16809$wH5.4757@trnddc02...
    >>> Michael Heiming wrote:
    >>>> Shrug, spaces in username are one of the worst things I could
    >>>> think of for a username, could well be a M$ "invention"?
    >>>>
    >>> It is.


    >> It's tied to the "let the user name use anything they want, and
    >> even encourage the use of their real names" approach to the world.


    Unruh> So why can't I put carriage returns and backspaces and single
    Unruh> quotes and double quotes into my name. Seesh, the unwarranted
    Unruh> arrogant abridgement of my freedom to do anything I want! -

    For the record, I completely disagree with all of you. The computer
    exists to make work easier for people. If the natural name for a folder
    sitting on my desktop is, "SSH Talk," I do not want to have to name it
    "SSH_Talk", or "SSH-Talk," or "SSH+Talk," or some other awkward, unsightly
    approximation just to satisfy the deficiencies of someone's software
    design. Especially when the restrictions come from the impoverished
    syntax of a decades-old command language that has exactly no relevance to
    my life or work today.

    Besides, on a practical level, I do not find it a problem. Bash
    completion automatically escapes filename characters that are special to
    it. I use "find -print0 | xargs -0" (which is the way it ought to work,
    anyway). Etc.

    Fix the software, don't "fix" the people.

    --
    Richard Silverman
    res@qoxp.net


  11. Re: OpenSSH: spaces in user name

    "Richard E. Silverman" writes:

    >>>>>> "Unruh" == Unruh writes:


    > Unruh> "Nico Kadel-Garcia" writes:
    > >> "Chuck" wrote in message
    > >> news:PpGRf.16809$wH5.4757@trnddc02...
    > >>> Michael Heiming wrote:
    > >>>> Shrug, spaces in username are one of the worst things I could
    > >>>> think of for a username, could well be a M$ "invention"?
    > >>>>
    > >>> It is.


    > >> It's tied to the "let the user name use anything they want, and
    > >> even encourage the use of their real names" approach to the world.


    > Unruh> So why can't I put carriage returns and backspaces and single
    > Unruh> quotes and double quotes into my name. Seesh, the unwarranted
    > Unruh> arrogant abridgement of my freedom to do anything I want! -


    >For the record, I completely disagree with all of you. The computer
    >exists to make work easier for people. If the natural name for a folder
    >sitting on my desktop is, "SSH Talk," I do not want to have to name it
    >"SSH_Talk", or "SSH-Talk," or "SSH+Talk," or some other awkward, unsightly
    >approximation just to satisfy the deficiencies of someone's software
    >design. Especially when the restrictions come from the impoverished
    >syntax of a decades-old command language that has exactly no relevance to
    >my life or work today.


    It is not a problem of the software, it is the problem that you are
    overloading the space. Space is a word delimiter in English and in computer
    languages. In computer terms, such a delimiter plays a very particular
    role. In your case you want it to either be a character in a name, or a
    delimiter, with no differentiation between the two. That is confusing to
    humans but even more confusing to the computer.
    Now, you can of course add an extra letter to tell the computer to "Now use
    space as a character ( your \ ) instead of as a delimiter. But
    SSH\ Talk is even uglier than SSH_Talk or SSHTalk.

    You can of course do that but it is ugly and more importantly highly
    confusing to the user. Which is the space this time, a delimiter or a
    character.

    Note that you have a similar problem with the '. "O'Donnel's Recipie" is a
    possible name for a file, but again you are overloading the ', as both a
    character and as a string delimiter.

    It is always a good idea to keep ideas separate. Delimiters should not be
    confusable with a character.

    >Besides, on a practical level, I do not find it a problem. Bash
    >completion automatically escapes filename characters that are special to
    >it. I use "find -print0 | xargs -0" (which is the way it ought to work,
    >anyway). Etc.

    Do you really advocate carriage returns as possible characters in a name?
    I might decide that
    This
    is
    my
    file.
    is a reasonable name for my file. Do you advise fixing the software so that
    it is a valid filename?



    >Fix the software, don't "fix" the people.


    While people can usually work their way around ambiguity of expressin, it
    is probably not a good idea to encourage it in computers. Many a war has
    been fought over ambiguity. And encouraging people to use ambiguous names
    for things on computers is not something that I would want to see happen.


    >--
    > Richard Silverman
    > res@qoxp.net



  12. Re: OpenSSH: spaces in user name

    Unruh wrote:
    >>It's tied to the "let the user name use anything they want, and even
    >>encourage the use of their real names" approach to the world.

    >
    >So why can't I put carriage returns and backspaces and single quotes and
    >double quotes into my name. Seesh, the unwarranted arrogant abridgement of
    >my freedom to do anything I want! -


    Yeah! My friend (who pronounces his name "Throatwarbler Mangrove", but spells
    it with two NULs in front, 17,000 silent Qs, and uses the keystroke
    as his nickname) can't login when you apply arbitrary limits
    like this!
    --
    Mark Rafn dagon@dagon.net

  13. Re: OpenSSH: spaces in user name

    >>>>> "BU" == Unruh writes:

    >> For the record, I completely disagree with all of you. The
    >> computer exists to make work easier for people. If the natural
    >> name for a folder sitting on my desktop is, "SSH Talk," I do not
    >> want to have to name it "SSH_Talk", or "SSH-Talk," or "SSH+Talk,"
    >> or some other awkward, unsightly approximation just to satisfy the
    >> deficiencies of someone's software design. Especially when the
    >> restrictions come from the impoverished syntax of a decades-old
    >> command language that has exactly no relevance to my life or work
    >> today.


    BU> It is not a problem of the software, it is the problem that you
    BU> are overloading the space. Space is a word delimiter in English
    BU> and in computer languages...

    This whole issue is completely irrelevant. The central issue here is not
    programming languages; it's filenames and user experience. Of course it's
    a problem with the software: the "overloading" exists because of
    implementation design choices, not some kind of inevitable collision. A
    file pathname is, abstractly, a data structure: an ordered sequence (list)
    of strings. There is no reason why those strings can't be any Unicode
    string at all (and in fact, every reason why they should). The fact that
    some languages make the very dumb decision of encoding these lists as
    strings and overloading the space character (shell), or the slash
    character (practically everything else) is not reason enough to
    inconvenience people. It's a reason to fix the software.

    --
    Richard Silverman
    res@qoxp.net


  14. Re: OpenSSH: spaces in user name

    "Richard E. Silverman" writes:
    >>>>>> "BU" == Unruh writes:

    >
    > >> For the record, I completely disagree with all of you. The
    > >> computer exists to make work easier for people. If the natural
    > >> name for a folder sitting on my desktop is, "SSH Talk," I do not
    > >> want to have to name it "SSH_Talk", or "SSH-Talk," or "SSH+Talk,"
    > >> or some other awkward, unsightly approximation just to satisfy the
    > >> deficiencies of someone's software design. Especially when the
    > >> restrictions come from the impoverished syntax of a decades-old
    > >> command language that has exactly no relevance to my life or work
    > >> today.

    >
    > BU> It is not a problem of the software, it is the problem that you
    > BU> are overloading the space. Space is a word delimiter in English
    > BU> and in computer languages...
    >
    > This whole issue is completely irrelevant. The central issue here is not
    > programming languages; it's filenames and user experience. Of course it's
    > a problem with the software: the "overloading" exists because of
    > implementation design choices, not some kind of inevitable collision. A
    > file pathname is, abstractly, a data structure: an ordered sequence (list)
    > of strings. There is no reason why those strings can't be any Unicode
    > string at all (and in fact, every reason why they should). The fact that
    > some languages make the very dumb decision of encoding these lists as
    > strings and overloading the space character (shell), or the slash
    > character (practically everything else) is not reason enough to
    > inconvenience people. It's a reason to fix the software.


    For those of us who use command-line shells, filenames without spaces
    are significantly more convenient that filenames with spaces (likewise
    for certain other special characters). It's still possible to deal
    with it, of course, just less convenient.

    For other interfaces, it might not be as much of an issue. For a C
    program or Perl script, for example, the file name needs to be quoted
    anyway; for a GUI interface, you just need to click in the right
    place.

    --
    Keith Thompson (The_Other_Keith) kst-u@mib.org
    San Diego Supercomputer Center <*>
    We must do something. This is something. Therefore, we must do this.

  15. Re: OpenSSH: spaces in user name

    >>>>> "KT" == Keith Thompson writes:

    KT> For those of us who use command-line shells, filenames without
    KT> spaces are significantly more convenient that filenames with
    KT> spaces (likewise for certain other special characters). It's
    KT> still possible to deal with it, of course, just less convenient.

    Sure -- encoding a pathname list as a string in a command-line context
    requires quoting. Just as we already have to quote quite a few other
    characters special to shell, even when used outside filenames (& ; $ * ?
    ....). As you point out, though, it's not even a problem to this small
    extent, in other interfaces. The point I'm making is that earlier posters
    were not just disagreeing with, but *ridiculing* the idea of "spaces in
    filenames" as some kind of profound stupidity, which should obviously be
    disallowed. I see no reason to hamstring more general interfaces, and
    degrade the usability of computers, just to make one kind of interface
    marginally easier in some situations. Especially when you consider that
    the vast majority of people using the computers in question do *not* use
    that interface.

    People do not want to be told that they can't name a file using everyday
    English, e.g. "Law & Order," "notes to last meeting," "minutes 3/16/2006,"
    just because some geeks somewhere don't like typing a backslash
    occasionally. Nor should they be.

    --
    Richard Silverman
    res@qoxp.net


  16. Re: OpenSSH: spaces in user name

    On 16 Mar 2006 23:36:07 -0500, "Richard E. Silverman" wrote:

    >People do not want to be told that they can't name a file using everyday
    >English, e.g. "Law & Order," "notes to last meeting," "minutes 3/16/2006,"
    >just because some geeks somewhere don't like typing a backslash
    >occasionally. Nor should they be.


    Hmm, brought up by msft? A file's content does not need to be described
    by its name. Lusers forget where they put files anyway, and need 'search
    by content' tools to find them.

    Grant.
    --
    Memory fault -- brain fried

  17. Re: OpenSSH: spaces in user name

    "Richard E. Silverman" writes:
    >>>>>> "KT" == Keith Thompson writes:

    >
    > KT> For those of us who use command-line shells, filenames without
    > KT> spaces are significantly more convenient that filenames with
    > KT> spaces (likewise for certain other special characters). It's
    > KT> still possible to deal with it, of course, just less convenient.
    >
    > Sure -- encoding a pathname list as a string in a command-line context
    > requires quoting. Just as we already have to quote quite a few other
    > characters special to shell, even when used outside filenames (& ; $ * ?
    > ...). As you point out, though, it's not even a problem to this small
    > extent, in other interfaces. The point I'm making is that earlier posters
    > were not just disagreeing with, but *ridiculing* the idea of "spaces in
    > filenames" as some kind of profound stupidity, which should obviously be
    > disallowed. I see no reason to hamstring more general interfaces, and
    > degrade the usability of computers, just to make one kind of interface
    > marginally easier in some situations. Especially when you consider that
    > the vast majority of people using the computers in question do *not* use
    > that interface.
    >
    > People do not want to be told that they can't name a file using everyday
    > English, e.g. "Law & Order," "notes to last meeting," "minutes 3/16/2006,"
    > just because some geeks somewhere don't like typing a backslash
    > occasionally. Nor should they be.


    So your system lets you name a file "minutes 3/16/2006"?

    --
    Keith Thompson (The_Other_Keith) kst-u@mib.org
    San Diego Supercomputer Center <*>
    We must do something. This is something. Therefore, we must do this.

  18. Re: OpenSSH: spaces in user name

    >>>>> "KT" == Keith Thompson writes:

    >> People do not want to be told that they can't name a file using
    >> everyday English, e.g. "Law & Order," "notes to last meeting,"
    >> "minutes 3/16/2006," just because some geeks somewhere don't like
    >> typing a backslash occasionally. Nor should they be.


    KT> So your system lets you name a file "minutes 3/16/2006"?

    In fact, it does. Before answering you I tried it (I'm using OS X) --
    changed the name of a folder to "SSH/Talk", using the Finder -- and it
    worked. I was mildly shocked. Then I looked and saw that the actual
    filename was now "SSH:Talk". Apple apparently decided it was more
    important to let people use slashes than colons; trying to name it
    "SSH:Talk" (again with the Finder) yields a naming error. And "touch
    foo:bar" shows up as "foo/bar" on the desktop. Who knows what other
    bizarre translations are in there? Actually, I wonder if it has some deep
    and weird connection to the misty past of OS 9 -- wherein the directory
    separator character was, in fact, a colon.

    Anyway, my point is that all this nonsense is undesirable and unnecessary.

    --
    Richard Silverman
    res@qoxp.net


  19. Re: OpenSSH: spaces in user name

    "Richard E. Silverman" writes:
    >>>>>> "KT" == Keith Thompson writes:

    >
    > >> People do not want to be told that they can't name a file using
    > >> everyday English, e.g. "Law & Order," "notes to last meeting,"
    > >> "minutes 3/16/2006," just because some geeks somewhere don't like
    > >> typing a backslash occasionally. Nor should they be.

    >
    > KT> So your system lets you name a file "minutes 3/16/2006"?
    >
    > In fact, it does. Before answering you I tried it (I'm using OS X) --
    > changed the name of a folder to "SSH/Talk", using the Finder -- and it
    > worked. I was mildly shocked. Then I looked and saw that the actual
    > filename was now "SSH:Talk". Apple apparently decided it was more
    > important to let people use slashes than colons; trying to name it
    > "SSH:Talk" (again with the Finder) yields a naming error. And "touch
    > foo:bar" shows up as "foo/bar" on the desktop. Who knows what other
    > bizarre translations are in there? Actually, I wonder if it has some deep
    > and weird connection to the misty past of OS 9 -- wherein the directory
    > separator character was, in fact, a colon.
    >
    > Anyway, my point is that all this nonsense is undesirable and unnecessary.


    Interesting.

    My point is that being able to refer to a file either by its own file
    name or by a full path name, and for either to be expressible as a
    character string, is vital. Reserving a single character value as a
    directory delimiter, and forbidding it in file names, seems to me to
    be a small price to pay for that capability.

    Personally, I do the vast majority of my interaction with the system
    through a shell. Spaces in file names are inconvenient for me, but
    not fatally so; I avoid creating them and deal with them only when
    necessary.

    If I were using a system that forbids spaces in file names, it
    wouldn't bother me a bit. Your mileage, of course may vary.

    (And I don't think this has much to do with ssh anymore.)

    --
    Keith Thompson (The_Other_Keith) kst-u@mib.org
    San Diego Supercomputer Center <*>
    We must do something. This is something. Therefore, we must do this.

+ Reply to Thread