bugzilla-daemon at mindrot.org
2021-Nov-25 21:14 UTC
[Bug 3369] New: Local script, invoked via "Match ... exec <script>" is disconnected from stdin/stdout
https://bugzilla.mindrot.org/show_bug.cgi?id=3369 Bug ID: 3369 Summary: Local script, invoked via "Match ... exec <script>" is disconnected from stdin/stdout Product: Portable OpenSSH Version: 7.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: cponder at nvidia.com For some context, here's my use-case: I have an authentication_script that generates a temporary certificate to log onto a remote system. I want to call this automatically when I try to connect, *IF* the certificate has expired. Here's the entry I use in my ~/.ssh/config to make this happen: Match originalhost remote.site exec "test $(file.age %%h ~/.ssh/SITE/certificate) -gt 24" exec "gnome-terminal -- ~/.ssh/SITE/authentication_script -o ~/.ssh/SITE/certificate" This is a bit of a hack in that it runs the script inside a new terminal-window. I don't think I should have to do this, I'd like the password prompt to come out after the command-line in the same session, analogous to what I'd get when ssh asks for the password. If I just try to execute the utility exec "~/.ssh/SITE/authentication_script -o ~/.ssh/SITE/certificate" though, I get these error-messages: stty: 'standard input': Inappropriate ioctl for device stty: 'standard input': Inappropriate ioctl for device authentication_script: The sshproxy server said: Authentication failed. Failed login: myname: authentication_script: This usually means you did not enter the correct password or OTP: stty: 'standard input': Inappropriate ioctl for device stty: 'standard input': Inappropriate ioctl for device stty: 'standard input': Inappropriate ioctl for device authentication_script: The sshproxy server said: Authentication failed. Failed login: myname: authentication_script: This usually means you did not enter the correct password or OTP: stty: 'standard input': Inappropriate ioctl for device My understanding is that the stdin & stdout have been severed from the exec-shell where the utility is executed. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Nov-25 21:17 UTC
[Bug 3369] Local script, invoked via "Match ... exec <script>" is disconnected from stdin/stdout
https://bugzilla.mindrot.org/show_bug.cgi?id=3369 --- Comment #1 from Carl Ponder <cponder at nvidia.com> --- If cutting-off stdin/stdout is done by design, what is the motive for it? An enhancement-request would to to enable this in the /etc/ssh/ssh_config with something like EnableSubshellIO yes -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Nov-26 11:35 UTC
[Bug 3369] Local script, invoked via "Match ... exec <script>" is disconnected from stdin/stdout
https://bugzilla.mindrot.org/show_bug.cgi?id=3369 --- Comment #2 from Carl Ponder <cponder at nvidia.com> --- I've found a suitable workaround for this, by detecting the PTY and re-directing the input/output to use it: PTY=$(ps --no-headers $$ | xargs index 2) printf "Enter the password: " > /dev/$PTY read -r -s pw < /dev/$PTY You're welcome to close this as "not a bug" or re-set it to be an "enhancement request". But I'm still curious why the stdin/stdout are disabled. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Nov-28 07:29 UTC
[Bug 3369] Local script, invoked via "Match ... exec <script>" is disconnected from stdin/stdout
https://bugzilla.mindrot.org/show_bug.cgi?id=3369 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED CC| |dtucker at dtucker.net --- Comment #3 from Darren Tucker <dtucker at dtucker.net> --- (In reply to Carl Ponder from comment #2) [...]> PTY=$(ps --no-headers $$ | xargs index 2) > printf "Enter the password: " > /dev/$PTY > read -r -s pw < /dev/$PTYYou should be able to use /dev/tty to interact with the controlling terminal (when ssh has one).> But I'm still curious why the stdin/stdout are disabled.Polluting stdin and stdout like that and make ssh useless for shell pipelines or anything that uses ssh as a transport (eg sftp, scp, rsync, git). Anyway, this is working as intended so closing this bug. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Feb-25 02:56 UTC
[Bug 3369] Local script, invoked via "Match ... exec <script>" is disconnected from stdin/stdout
https://bugzilla.mindrot.org/show_bug.cgi?id=3369 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Damien Miller <djm at mindrot.org> --- closing bugs resolved before openssh-8.9 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.