bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-06 21:02 UTC
[Bug 1977] New: ProxyCommand seems to no execute shell commands
https://bugzilla.mindrot.org/show_bug.cgi?id=1977 Bug #: 1977 Summary: ProxyCommand seems to no execute shell commands Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: calestyo at scientia.net Hi. The manpage says to ProxyCommand:>The command string extends to the end of the line, >and is executed with the user's shell.So I'd have assumed that the following works: Host *.exmaple.org ProxyCommand ssh -W %h:%p gateway1.exmaple.org || ssh -W %h:%p gateway2.exmaple.org But it doesn't, even not in modifications like: ProxyCommand { ssh -W %h:%p gateway1.exmaple.org ; } || { ssh -W %h:%p gateway2.exmaple.org ; } or so. Is this intentional or a bug? What works however is explicitly invoking another shell: ProxyCommand sh -c "ssh -W %h:%p gateway1.exmaple.org || ssh -W %h:%p gateway2.exmaple.org" but this shouldn't be necessary, should it? Thx, Chris. btw: I guess my intention is clear, if the gateway1 fails, use gateway2. Is there a better way for doing this? -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-24 00:03 UTC
[Bug 1977] ProxyCommand seems to no execute shell commands
https://bugzilla.mindrot.org/show_bug.cgi?id=1977 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> 2012-02-24 11:03:30 EST --- I don't think that proxy command will work the way you think it will - if the first ssh invocation emits any output or consumes any input then it will break the client's handshake before the second ssh starts. Anyway, I can't diagnose what's going wrong here without a full log trace (ssh -vvv ...). -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Mar-02 23:03 UTC
[Bug 1977] ProxyCommand seems to no execute shell commands
https://bugzilla.mindrot.org/show_bug.cgi?id=1977 --- Comment #2 from Christoph Anton Mitterer <calestyo at scientia.net> 2012-03-03 10:03:29 EST --->I don't think that proxy command will work the way you think it >will - if the first ssh invocation emits any output or consumes >any input then it will break the client's handshake before the >second ssh starts.Well at least it works exactly as wished, when doing it with: sh -c "ssh -W %h:%p gateway1.exmaple.org || ssh -W %h:%p gateway2.exmaple.org" Here is the log output: $ ssh -vvv gar-ws-etp71.garching.physik.uni-muenchen.de OpenSSH_5.9p1 Debian-3, OpenSSL 1.0.0g 18 Jan 2012 debug1: Reading configuration data /home/calestyo/.ssh/config debug1: /home/calestyo/.ssh/config line 35: Applying options for *.garching.physik.uni-muenchen.de debug1: /home/calestyo/.ssh/config line 41: Applying options for *.uni-muenchen.de debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Executing proxy command: exec ssh -W gar-ws-etp71.garching.physik.uni-muenchen.de:22 gar-sv-login01.garching.physik.uni-muenchen.de || ssh -W gar-ws-etp71.garching.physik.uni-muenchen.de:22 gar-sv-login02.garching.physik.uni-muenchen.de debug3: Incorrect RSA1 identifier debug3: Could not load "/home/calestyo/.ssh/id_rsa" as a RSA1 public key debug1: identity file /home/calestyo/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-4096 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-4096 debug1: identity file /home/calestyo/.ssh/id_rsa-cert type -1 debug1: identity file /home/calestyo/.ssh/id_dsa type -1 debug1: identity file /home/calestyo/.ssh/id_dsa-cert type -1 debug3: Incorrect RSA1 identifier debug3: Could not load "/home/calestyo/.ssh/id_ecdsa" as a RSA1 public key debug1: identity file /home/calestyo/.ssh/id_ecdsa type 3 debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-521 debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-521 debug1: identity file /home/calestyo/.ssh/id_ecdsa-cert type -1 debug1: permanently_drop_suid: 1000 ssh: connect to host gar-sv-login01.garching.physik.uni-muenchen.de port 22: Connection refused ssh_exchange_identification: Connection closed by remote host $ HTH, Chris. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Mar-30 00:57 UTC
[Bug 1977] ProxyCommand seems to no execute shell commands
https://bugzilla.mindrot.org/show_bug.cgi?id=1977 --- Comment #3 from Damien Miller <djm at mindrot.org> 2012-03-30 11:57:51 EST --- I think I've figured out your problem: xasprintf(&tmp, "exec %s", proxy_command); This is done to avoid a lingering shell for the life of the connection, while still allowing shell expansion of environment variables, etc. If you proxy command requires other shell features then you'll need to provide one explicitly. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Mar-30 12:14 UTC
[Bug 1977] ProxyCommand seems to no execute shell commands
https://bugzilla.mindrot.org/show_bug.cgi?id=1977 --- Comment #4 from Christoph Anton Mitterer <calestyo at scientia.net> 2012-03-30 23:14:51 EST --- So you basically mean,... it doesn't work by intention, right? Could you then please update the documentation to reflect this? I.e. that [just] commands can be executed, but that env-variables (and whatever else works) are expanded. :) -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.