4

I have a debian box that I cannot scp files from.

Installing ssh again does not fix this issue.

hosting:/home/gcushing# scp test.text gcushing@serenity.gwi:/home/gcushing
command-line: line 0: Bad configuration option: PermitLocalCommand
lost connection

I have added and removed PermitLocalCommand from /etc/ssh/ssh_config.

FYI, /usr/bin/ssh is the odd one out:

xach@hosting:/$ grep '\(ssh\|scp\)$' /var/lib/dpkg/info/openssh-client.md5sums 
ef75badecd778d4c91d8679c63a7512c  usr/bin/ssh 
53adbbcc6ae2d03c145e94bef36cbc98  usr/bin/scp 

xach@hosting:/$ md5sum usr/bin/ssh /usr/bin/scp 
c5022a79360ae8d32051ec2cd23ced25  usr/bin/ssh 
53adbbcc6ae2d03c145e94bef36cbc98  /usr/bin/scp 
kubanczyk

3 Answers

2

That's really shady how the actual binary's checksum is different from what the package specifies it should be. Does this host face the internet?

Also try using the 'apt-get' purge command to reinstall openssh.

Vitaliy
  • This box does face the public. I couldn't get purge correctly working. Looking at purge, it does nothing different than remove, which didn't work. –  Dec 10 '09 at 13:58
1

I had a compromise with this from the sebd rootkit. Thanks for the heads up.

grep '\(ssh\|scp\)$' /var/lib/dpkg/info/openssh-client.md5sums
cd649a9c527c0c7980bc6d700296eaef  usr/bin/ssh

md5sum usr/bin/ssh /usr/bin/scp
3d36ae70e17854b6bc8de710293f63b0  usr/bin/ssh
1

I encountered the same issue - an ssh client had been forced onto a server when http was open to the internet for just a couple of hours... They had installed a folder (/root/.kde), replaced the /usr/bin/ssh binary and submitted their own version of a crontab for root that ran a script in the .kde folder. I removed the package for openssh client programs -- and ssh was still there. I could not remove it, even as root... I found it had been made "immutable" with the "chattr" command. It looked like this:
-bash-3.2# lsattr ssh
-u--ia------- ssh

To fix:
-bash-3.2# chattr -u -i -a ssh
-bash-3.2# lsattr ssh
------------- ssh

Then I was able to remove ssh and re-install the openssh client programs successfully. With the proper version of ssh the forced parameter PermitLocalCommand=no, which is used by both scp and sftp, is passed to ssh and is not rejected.
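
The checksum comparison done by hand in the question and answers, generalized to every file listed in a dpkg-style md5sums manifest, with a check for the immutable/append-only flags described in the last answer. This is an added example, not part of the original posts; the function names check_manifest and demo and the demo file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original posts. Checks files on disk against a
# dpkg-style md5sums manifest ("<md5>  <path relative to root>"), the same
# comparison done by hand above for usr/bin/ssh and usr/bin/scp.

# check_manifest MANIFEST [ROOT]: prints one line per problem, returns 1 if any.
check_manifest() {
    local manifest="$1" root="${2:-/}"
    local want path file actual attrs status=0
    while read -r want path || [ -n "$want" ]; do
        [ -n "$path" ] || continue
        file="${root%/}/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        actual=$(md5sum < "$file" | cut -d' ' -f1)
        [ "$actual" = "$want" ] && continue
        echo "MISMATCH $path expected=$want actual=$actual"
        status=1
        # A replaced binary may also carry immutable (i) or append-only (a)
        # flags, as in the lsattr output above; lsattr may be unsupported here.
        attrs=$(lsattr -d "$file" 2>/dev/null | cut -d' ' -f1)
        case "$attrs" in
            *[ia]*) echo "FLAGS $path $attrs" ;;
        esac
    done < "$manifest"
    return "$status"
}

# demo: build a constructed tree, record its checksums, then swap one binary.
demo() {
    local tmp rc=0
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/root/usr/bin"
    echo "constructed ssh" > "$tmp/root/usr/bin/ssh"
    echo "constructed scp" > "$tmp/root/usr/bin/scp"
    (cd "$tmp/root" && md5sum usr/bin/ssh usr/bin/scp) > "$tmp/manifest"
    echo "replaced ssh" > "$tmp/root/usr/bin/ssh"   # simulate the swapped binary
    check_manifest "$tmp/manifest" "$tmp/root" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Run the demo only when asked: bash thisfile --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```

On the host from the question the call would be `check_manifest /var/lib/dpkg/info/openssh-client.md5sums /`. The manifest lives on the same machine as the binaries, so on a box suspected of compromise compare against a manifest taken from a trusted copy of the package.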