bugzilla-daemon at mindrot.org
2024-Nov-12 11:02 UTC
[Bug 3751] New: ssh fails to parse ProxyCommand option with a string that ends in a backslash
https://bugzilla.mindrot.org/show_bug.cgi?id=3751
Bug ID: 3751
Summary: ssh fails to parse ProxyCommand option with a string
that ends in a backslash
Product: Portable OpenSSH
Version: 8.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: kaltsi+bug at gmail.com
This worked still in 8.6p1, but returns a failure in 8.7p1 and newer.
openssh-8.7p1$ ./ssh -o ProxyCommand="echo 'foo\\'"
command-line line 0: invalid quotes
If I rearrange the quotes, there is no failure:
openssh-8.7p1$ ./ssh -o ProxyCommand='echo "foo\\"'
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
...
If the inner string isn't quoted, no failure:
openssh-8.7p1$ ./ssh -o ProxyCommand="echo foo\\"
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
...
My use case is using 'sshpass' as a ProxyCommand and give it the
password option with a password that ends in a backslash.
ssh -o ProxyCommand="sshpass -p 'password\\' ssh -o
StrictHostKeyChecking=no -W %h:%p -p 22 -l testuser jumphost.invalid"
targethost.invalid
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Nov-12 22:17 UTC
[Bug 3751] ssh fails to parse ProxyCommand option with a string that ends in a backslash
https://bugzilla.mindrot.org/show_bug.cgi?id=3751
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This is an unfortunate consequence of an intended change. We switched
the configuration file parsing to be more shell-like in 8.7 and this
did have some corner-cases like the one you identified.
The >=8.7 parser is more consistent and allows sensible quoting and
escaping, which is difficult to impossible under the old parser.
https://www.openssh.com/releasenotes.html#8.7 has some more details but
this is not fixable without abandoning the new parser, which we're not
going to to do.
If you need to write configurations that work with both the old and new
ssh versions then I recommend moving the ProxyCommand to a shell
script.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2024-Nov-12 22:44 UTC
[Bug 3751] ssh fails to parse ProxyCommand option with a string that ends in a backslash
https://bugzilla.mindrot.org/show_bug.cgi?id=3751
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Seemingly Similar Threads
- ControlPath versus ProxyCommand
- ControlPath versus ProxyCommand
- Question regarding patch for ProxyCommand setting
- How to explicitly define the default setting for ProxyCommand for a particular host
- [Bug 3175] New: ssh_config(5) - ProxyCommand should explain semantics