openssh bugs - Jan 2018 - [Bug 2827] New: Specifying ssh config file via -F does not apply to ProxyJump / ProxyCommand

https://bugzilla.mindrot.org/show_bug.cgi?id=2827

            Bug ID: 2827
           Summary: Specifying ssh config file via -F does not apply to
                    ProxyJump / ProxyCommand
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: willchan at google.com

I have a config file that has a Host section for the destination host,
that uses a ProxyCommand to connect via a jump host. Connection
configuration for the jump host is also specified in its own Host
section in the config file. The problem is that, unless the config file
is in a default location (system /etc ssh config, or /etc/passwd
specified home directory), I'd have to specify -F in the ProxyCommand
itself. This means the config file isn't safe to be located in any
arbitrary location, without rewriting its content. If I specify -F on
the command line, it'd be great for it to be propagated to ProxyJumps.
That said, I suspect that may not be the best way to configure this. It
would just solve my problem :)

More concretely, I am deploying multiple ssh configurations and
identities to a cloud server, so it can access a bunch of our other
hosts. I don't want to have to overwrite /etc or ~user/.ssh/config. I
looked into setting $HOME, but it appears that that is not supported.
ssh appears to use the directory specified in /etc/passwd, as returned
by getpwuid().

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2827

willchan at google.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |willchan at google.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2827

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
What version are you using?  AFAICT ProxyJump has always passed -F
through:

https://github.com/openssh/openssh-portable/commit/ed877ef653847d056bb433975d731b7a1132a979#diff-5bfa45f3fb322e569a8101399c9c551cR1113

$ ssh -F /dev/null -vvv -J localhost localhost true 2>&1 | grep
ProxyJump
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -F /dev/null
-vvv -W '[%h]:%p' localhost

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2827

willchan at google.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #2 from willchan at google.com ---
Oops, now I feel stupid :P Indeed you're correct, sorry for wasting
your time.

My environment is using OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g
 1 Mar 2016. I had tried to use this awhile back and couldn't. It's
possible that the OpenSSH version in the environment is different now
than before. In particular, I remember that at the time I tested this
before, ProxyJump didn't exist, so I was using ProxyCommand. I'll go
figure out if this OpenSSH version includes ProxyJump support, and if
not, I'll look into whether or not I can update it.

Thanks!

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2827

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.