search for: opermitlocalcommand

Hi guys, I've made a patch adding LocalPreCommand to ssh_config. It mimics behaviour of LocalCommand, but is executed right before the connection is opened. This makes possible e.g. to integrate ssh with port knocking. It also removes "-oPermitLocalCommand=no" from scp allowing the same functionality to be used for file transfers. Applies cleanly on vanilla OpenSSH 6.7p1. http://software.klolik.org/patches/openssh+localprecommand.diff Best regards, Bartlomiej Korupczynski

...hanged in 4.7p1 ~ # sftp -S /usr/bin/dbclient -s /usr/lib/openssh/sftp-server foglietr at 172.16.119.6 Connecting to 172.16.119.6... WARNING: Ignoring unknown argument '-oForwardX11 no' WARNING: Ignoring unknown argument '-oForwardAgent no' WARNING: Ignoring unknown argument '-oPermitLocalCommand no' WARNING: Ignoring unknown argument '-oClearAllForwardings yes' WARNING: Ignoring unknown argument '-oProtocol 2' foglietr at 172.16.119.6's password: foglietr at 172.16.119.6's password: foglietr at 172.16.119.6's password: xset: unable to open display "&qu...

...ing ifup [1]. The -f option doesn't help because it returns after connecting to the server but before the tunnel is up. Sleeping for a few seconds does work, but it just feels too hacky. The LocalCommand option seems to work, for example: ssh -w 0:1 "-oLocalCommand=ifup tun0" "-oPermitLocalCommand=yes" myserver.example.org true However, the man page says: "The command is run synchronously and does not have access to the session of the ssh(1) that spawned it." Is the above invocation guaranteed to work or was it just luck that LocalCommand was executed after the tunnel is set...

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

...bout the name of the local tty. To make this a bit more concrete, the config block to make this work with my tool looks like ``` Host = your-ssh-target-name Hostname your.ssh.host.example.com RemoteCommand shpool plumbing ssh-remote-command PermitLocalCommand yes LocalCommand ssh -oPermitLocalCommand=no -oRemoteCommand="shpool plumbing ssh-local-command-set-metadata '%u@%h:%p$(tty)'" %n ``` This kinda works, but has several fairly big problems. A really obvious one is that single global parking slot which opens this protocol up to race conditions and limits the ability to qui...

...-0000 @@ -128,7 +128,7 @@ oAddressFamily, oGssAuthentication, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, + oHashKnownHosts, oMatchHostName, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, oKexAlgorithms, oIPQoS, oRequestTTY, @@ -228,6 +228,7 @@ { "controlmaster", oControlMaster }, { "controlpersist", oControlPersist }, { "hashknownhosts", oHashKnownHosts }, + { "matchhost...

Hello, My usage of ProxyCommand just calls the nc utility with various parameters. That in turn after the initial setup just copies copies the data from the network socket to stdin/stdout. This useless coping can be avoided if ssh has an option to receive the socket from the proxy command. I suppose it can improve network error reporting as ssh would talk directly to the network socket rather

...usr.bin/ssh/readconf.c,v retrieving revision 1.182 diff -u -N -p readconf.c --- readconf.c 9 Jan 2010 23:04:13 -0000 1.182 +++ readconf.c 11 Jan 2010 22:19:10 -0000 @@ -128,7 +128,7 @@ typedef enum { oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, - oDeprecated, oUnsupported + oAddKey, oDeprecated, oUnsupported } OpCodes; /* Textual representations of the tokens. */ @@ -232,6 +232,7 @@ static struct { #else { "zeroknowledgepasswordauthentication", oUnsuppo...

...test1 1245328 1 0 16:32:39 - 0:00 scp /tmp/testfile test3 at target_machine:/tmp/testfile test1 1638838 1245328 0 16:32:39 - 0:18 /usr//bin/ssh -x -oForwardAgent no -oPermitLocalCommand no -oClearAllForwardings yes -l test3 -- target_machine scp -t -- /tmp/testfile test1 4850090 3998138 0 16:42:59 pts/1 0:00 grep scp -- You are receiving this mail because: You are watching the assignee of the bug.

...++++++++++++++++++++++++ ssh.c | 57 +++++++++++++ 5 files changed, 452 insertions(+), 2 deletions(-) diff --git a/readconf.c b/readconf.c index eb4a8b9..9f862a9 100644 --- a/readconf.c +++ b/readconf.c @@ -135,7 +135,7 @@ typedef enum { oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, oKexAlgorithms, oIPQoS, - oDeprecated, oUnsupported + oDeprecated, oUnsupported, oLocalEnvMod } OpCodes; /* Textual representations of the tokens. */ @@ -245,6 +245,7 @@ static struct { #endif { "kexalgorithms"...

...eadconf.c 2005-12-13 09:33:20.000000000 +0100 +++ openssh-4.3p1-patch/readconf.c 2006-02-04 16:41:10.000000000 +0100 @@ -112,7 +112,7 @@ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, - oDeprecated, oUnsupported + oDeprecated, oUnsupported, oOffendingKeyOverride } OpCodes; /* Textual representations of the tokens. */ @@ -175,6 +175,7 @@ { "batchmode", oBatchMode }, { "checkhostip", oCheckHostIP }, { "stricthostkeychecking", oStrictHostKey...

https://bugzilla.mindrot.org/show_bug.cgi?id=3531 Bug ID: 3531 Summary: Ssh will not exit when it receives SIGTERM before calling poll in client_wait_until_can_do_something until some events happen. Product: Portable OpenSSH Version: 9.1p1 Hardware: Other OS: Linux Status:

...ons *); --- openssh-4.7p1/readconf.c Mon Dec 17 03:46:49 2007 +++ openssh-4.7p1/readconf.c Fri Dec 21 15:40:50 2007 @@ -130,6 +130,7 @@ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, + oFipsMode, oDeprecated, oUnsupported } OpCodes; @@ -226,6 +227,7 @@ { "tunneldevice", oTunnelDevice }, { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, + { "fipsmode", oFipsMode}, { NULL, oBadOption } }; @@...

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name