> So what does nncp-exec do? It reads stdin and encrypts it to node bob. It adds metadata, saying it’s requesting the “tarextract” command, and adding two arguments to it (the -C /var/local/backups). It writes this all into a packet file in the transmission queue for bob.
> When bob processes the packet, it spins up /usr/bin/tar -xpf - -C /var/local/backups, piping to it the data that had originally been piped to nncp-exec.
I was with them until seeing that nncp-exec accepts user provided arguments[2], and that just smells like an escape waiting to happen. Since they drew parallels between that and the command= in authorized_keys[2] I looked it up and it doesn't appear that either command= nor its ForceCommand sibling accept user provided arguments
I presume its target audience is where both ends of the connection are "you" (or at least fully trusted)
> So what does nncp-exec do? It reads stdin and encrypts it to node bob. It adds metadata, saying it’s requesting the “tarextract” command, and adding two arguments to it (the -C /var/local/backups). It writes this all into a packet file in the transmission queue for bob.
> When bob processes the packet, it spins up /usr/bin/tar -xpf - -C /var/local/backups, piping to it the data that had originally been piped to nncp-exec.
I was with them until seeing that nncp-exec accepts user provided arguments[2], and that just smells like an escape waiting to happen. Since they drew parallels between that and the command= in authorized_keys[2] I looked it up and it doesn't appear that either command= nor its ForceCommand sibling accept user provided arguments
I presume its target audience is where both ends of the connection are "you" (or at least fully trusted)
1: https://www.complete.org/nncp-concepts/#remote-execution
2: https://manpages.ubuntu.com/manpages/noble/man8/sshd.8.html#...