search for: proxycommand

TL;DR: I expect ProxyCommand to have effect in preference to ControlPath. I've just tripped over this one. I have an ssh Host (let us call it "MAIN") with a ControlPath and with ControlMaster=no, from the .ssh/config file. I also have a shell script whose purpose is to hop to a remote host through a port forw...

Hi! I recently started using ProxyCommand and noticed that it's not possible to specify a "none" value for it. I've already written a patch for that, but wanted to discuss the issue before posting the patch. The problem is the following: I'd like to use a ProxyCommand by default, but exclude some hosts. But as soon a...

Hi there, I'm working on a project to write a ProxyCommand that reaches out to an SSH CA to receive an SSH certificate prior to the connection. The ProxyCommand also creates a tunnel to the upstream SSH server. When using ProxyCommand alone, the issue is that the identity files are loaded as soon as SSH has fork/exec'd the process. It does not wait fo...

https://bugzilla.mindrot.org/show_bug.cgi?id=3175 Bug ID: 3175 Summary: ssh_config(5) - ProxyCommand should explain semantics Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org...

On 03Nov2017 13:07, Damien Miller <djm at mindrot.org> wrote: >On Fri, 3 Nov 2017, Cameron Simpson wrote: >> TL;DR: I expect ProxyCommand to have effect in preference to >> ControlPath. [...] >> On reflection, of course these are distinct options and that side of >> things isn't, of itself, a bug. However, is there a sane use case for >> using ControlMaster/ControlPath at all if there is a ProxyCommand? I...

http://bugzilla.mindrot.org/show_bug.cgi?id=223 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|FreeBSD |All Platform|ix86 |All Version|3.0.1p1 |-current ------- Additional

I would like to create an ssh_config file with two basic groups of settings: A default "Host *" settings group with: Proxycommand=/my/helper/binary %h %p And another specific "Host specialServer" settings group with ProxyCommand= or ProxyCommand='' And yes, my current ssh_config file is setup in the correct order with the "Host *" declaration last. Host specialServer ProxyCommand=XXXXXXX Ho...

https://bugzilla.mindrot.org/show_bug.cgi?id=2706 Bug ID: 2706 Summary: remote code execution via ProxyCommand+browser exploit Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: Mac OS X Status: NEW Severity: security Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Report...

Hi all, I tried to use the ProxyCommand option in the ~/.ssh/config file like ProxyCommand /usr/local/bin/corkscrew <firewall> 80 %h %p but it seems th me that the ssh clinet won't use the option .. How can I tell the client to accept the proxy an send all requests to this host, bcause the internet names ("%P") can...

http://bugzilla.mindrot.org/show_bug.cgi?id=1118 Summary: Annoying "Killed by signal 1" message with ProxyCommand Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: koef at xs4all.nl (Co...

#ssh -V OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008 Probably is not a real issue, because everyone should have its SHELL var defined, but as said above, when it's not, ssh with ProxyCommand will fail. I use connect.c, but with no SHELL var defined is not executed, ssh -v will give "No such file", and I'm pretty sure it refers to the shell, I read in ChangeLog that now ProxyCommand will use $SHELL instead of /bin/sh. Maybe consider using /bin/sh as default when SHELL is n...

Hello, While testing recent snapshots (20131023 and 20131024) I encountered a problem with ProxyCommand. The regression tests all passed, but the use of ProxyCommand's in my ~/.ssh/config resulted in name resolution errors; even if CanonicalizeHostname was explicitly set to "no." The patch included inline below fixed the issue: Index: ssh.c ============================================...

Hello, Today I succesfully transfered some testfile on my local computer with the following command: rsync -e "ssh" testfile.txt localhost:receive I can also succesfully connect with SSH to a remote server through an http proxy with the following command: ssh -o "ProxyCommand corkscrew myhttpProxy 8080 targetcomputer.domain 22" targetcomputer.domain But I'm so far unable to combine them, mostly because the "-signs in the SSH command seem to conflict with the "-signs in the rsync command. I've tried the following combinations with the following r...

Hi! As discussed in the thread "Question regarding patch for ProxyCommand setting". The patch is rather straight forward; maybe it would be a good idea to improve it in a way that it uses a list of string options that may have a "none" value to reset it to NULL. Ciao Thomas -------------- next part -------------- Index: readconf.c =====================...

...> Hello, > > On macOS, Terminal?s ?New Remote Connection?? command runs ssh in a new window like this: > > login -pfq $USER /usr/bin/ssh $HOST > > Here, login executes /usr/bin/ssh with argv[0] set to ?-ssh?. > > If $HOST has a ProxyJump configuration, the resulting ProxyCommand is: > > -ssh -W '[%h]:%p' $JUMP_HOST > > Because of the leading hyphen, this fails to execute. If the user?s shell is zsh, the Terminal window shows: > > zsh:1: unknown exec flag -s > > Would it make sense to ignore any leading hyphen when constructing the Prox...

Hello, On macOS, Terminal?s ?New Remote Connection?? command runs ssh in a new window like this: login -pfq $USER /usr/bin/ssh $HOST Here, login executes /usr/bin/ssh with argv[0] set to ?-ssh?. If $HOST has a ProxyJump configuration, the resulting ProxyCommand is: -ssh -W '[%h]:%p' $JUMP_HOST Because of the leading hyphen, this fails to execute. If the user?s shell is zsh, the Terminal window shows: zsh:1: unknown exec flag -s Would it make sense to ignore any leading hyphen when constructing the ProxyCommand from ProxyJump? % ssh -V...

I have a network without a network connection to other networks. But a socks server is dual homed between it and other networks. I can use socks to ssh to other networks. I use ProxyCommand with the socks aware connect.c program to connect out. All works great. I discovered while trying to use the ssh-keyscan program that it does not use the ProxyCommand configuration. At least in my testing it does not return any information in this case. I also tried the Dante 'socksify nc $...

When using a ProxyCommand, it appears that the arguments to it are passed in an unsafe manner: % ssh -o ProxyCommand='nc %h %p' '$(not found)' zsh:1: command not found: not nc: you must specify the address/port couple of the remote endpoint ssh_exchange_identification: Connection closed by remote host This...

I see that the hostname canonicalization configuration options is still rather limited. As that works on DNS level they are of not use if one has to use ProxyCommand to connect over a proxy connection or through a common gateway name where one uses different port numbers to connect to different intranet names. What would be ideal is to extend the ProxyCommand to both return the resolved universal name for the given short name and to connect to that universal n...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've noticed that when I use ProxyCommand commands to connect, the commands do not exit when ssh exits. This results in a bunch of commands piling up on the machine over time. I experimented with four machines: linux-2.2.19+patches, openssh-3.0.1p1 linux-2.2.14+patches, openssh-3.0.1p1 freebsd-4.5-stable, openssh-2.9 localisations 200...