openssh bugs - Jun 2020 - [Bug 3175] New: ssh_config(5) - ProxyCommand should explain semantics

https://bugzilla.mindrot.org/show_bug.cgi?id=3175

            Bug ID: 3175
           Summary: ssh_config(5) - ProxyCommand should explain semantics
           Product: Portable OpenSSH
           Version: 8.3p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: frederik-openssh at ofb.net

ssh_config(5) says:

     ProxyCommand
             Specifies the command to use to connect to the server. 
The com-
             mand string extends to the end of the line, and is
executed using
             the user's shell `exec' directive to avoid a lingering
shell
             process.

Personally, I would find this explanation much more transparent if it
mentioned up front that the ssh command line arguments "destination"
and "-p port" are ignored when ProxyCommand is specified. Perhaps
something like:

     ProxyCommand
             Specifies the command to use to connect to the server. If
             this option is provided then ssh will ignore command line
             arguments such as "destination" and "-p port".
Instead,
             Ssh will run the given command, and will attempt to
             communicate with the remote server via the standard input
             and output of the command's process. Specifying no proxy
             command is equivalent to "ProxyCommand nc host port"
             (where "nc" is the "netcat" utility).

             The command string extends to the end of the line. The
             command is executed using the user's shell `exec'
             directive to avoid a lingering shell process. [...]

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3175

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Those options aren't ignored though, they are made available to the
proxy command via token command line arguments. E.g. ProxyCommand="nc
%h %p"

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3175

--- Comment #2 from frederik-openssh at ofb.net ---
Thank you. Second attempt

    ProxyCommand
             Specifies the command to use to connect to the server. If
             this option is provided then ssh(1) will not use the
             command line arguments such as "destination" and "-p
             port" for connecting. Instead, ssh(1) will run the given
             command, and will attempt to communicate with the remote
             server via the input and output of the command's process.
             Thus, specifying no proxy command (the default) would be
             semantically equivalent to `ProxyCommand="nc %h %p"`.
             ("nc" is the "netcat" utility, and %h and %p
are expanded
             to host and port as defined under TOKENS below)

             The command string extends to the end of the line. The
             command is executed using the user's shell `exec'
             directive to avoid a lingering shell process. [...]

There is a bit of repetition in the next paragraph ("Arguments to
ProxyCommand accept the tokens [...]") but I think this is OK. (?)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.