similar to: Feature request: "SetupCommand" invoked before connecting

Hi all, currently I am considering writing a patch for OpenSSH that will allow portforwarding using the control_master unix domain socket. The idea is to introduce an extra SSHMUX command, SSHMUX_COMMAND_SOCKS, which will then pass control to the normal socks functions used for dynamic forwarding. The main reason for me to write this patch are: - some more control over who gets to connect to

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

This allows me to set 'ControlPath ~/.ssh/sockets/%h.%p.%u' for example. Have I missed a good reason why ssh_connect finds the default port number for itself instead of just having it in options.port (like we do for the the default in options.user)? --- openssh-4.1p1/ssh.c~ 2005-06-12 09:47:18.000000000 +0100 +++ openssh-4.1p1/ssh.c 2005-06-12 09:40:53.000000000 +0100 @@ -604,6 +604,17

Hello, I just ran upon this problem and couldn't find it in bugzilla. SSH crashes (abort trap) if all of the following conditions are met: (a) option -f is used (crash happens when going to background), (b) reverse port forwarding is set up (option -R), (c) option ExitOnForwardFailure is enabled, (d) there are no actual port-forwarding failures. The problem can be reproduced by

Hi, At the n2k10 OpenBSD network hackathon, I finally got some time to clean up and rewrite the ssh(1) client multiplexing code. The attached diffs (one for portable OpenSSH, one for OpenBSD) are the result, and they need some testing. The revised multiplexing code uses a better protocol between the master and slave processes and I even bothered to write it up :) It tracks the control sockets

Numerous how-tos all over the Internet show how one would set up a tunnel using ssh, e.g.: ssh -f -o Tunnel=ethernet <server_ip> true I was wondering if there's a way to subsequently acquire the names of the local and remote tun/tap interfaces (e.g., using the default "-w any:any") for subsequent automatic tunnel configuration, e.g.: ip link set $TapDev up ip link set

This provides a mechanism to attach arbitrary configure options into the ssh_config file and use them from the LocalCommand and ProxyCommand. Examples: # set FOO to foo LocalEnvMod FOO = foo # append bar to FOO with default separator "," LocalEnvMod FOO += bar # unset FOO LocalEnvMod FOO = # append foo to BAR with separator ":", if BAR is empty

There is a race in the setup of the ControlMaster socket in auto mode, as illustrated by the following command line: ssh -oControlMaster=auto -oControlPath=sock localhost 'sleep 1; echo 1' & ssh -oControlMaster=auto -oControlPath=sock localhost 'sleep 2; echo 2' & Both of the commands will try to start up as a control client, find that sock does not exist, and switch into

Hi, Not sure if this anyone else is interested in this but to me it seems to make sense to use different control session multiplexer sockets for bulk and interactive workloads. Index: auth.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth.c,v retrieving revision 1.94 diff -u -p -r1.94 auth.c --- auth.c 23 May 2011 03:33:38 -0000 1.94 +++

https://bugzilla.mindrot.org/show_bug.cgi?id=1808 Summary: "SetupCommand" invoked before connecting Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in ssh Include Permit %L and %l percent escapes in sshd Include readconf.c | 16 +++++++++++++--- servconf.c | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 6 deletions(-) base-commit:

This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index a2282b562df0..ad47d0e9730a 100644 --- a/readconf.c +++ b/readconf.c @@ -1030,7 +1030,8 @@

Hi, getpwuid is called as seen in the patch, and is then called again indirectly by tilde_expand_filename without first copying off the results from the first call. This is fatal on MacOSX (and it would seem it should be fatal elsewhere, too). Please CC me in replies; I'm not a subscriber. --- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700 +++ openssh-4.4p1-fix/ssh.c

Hello, Testing on my system by doing the requested './configure && make tests' has this crash: ----------------------8< cut here 8<----------------------- test try ciphers: proto 2 cipher acss at openssh.org mac hmac-md5 test try ciphers: proto 2 cipher acss at openssh.org mac hmac-sha1-96 test try ciphers: proto 2 cipher acss at openssh.org mac hmac-md5-96 ok try

Hi, I noticed the recent commit adding Match support to ssh(1). I look forward to giving it a try, but I have some initial feedback based on ssh_config.5 and an examiniation of match_cfg_line(). First, the "command" keyword could be a little deceptive. Although the man page makes the use of this keyword quite clear, my initial assumption was that the intent was to match against the

Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Pacth is against current CVS. Sebastian -- signature intentionally left blank.

https://bugzilla.mindrot.org/show_bug.cgi?id=2449 Bug ID: 2449 Summary: uid for expansion in ControlPath Product: Portable OpenSSH Version: 7.0p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

--- mux.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/mux.c b/mux.c index d90605e..fa796bd 100644 --- a/mux.c +++ b/mux.c @@ -1195,6 +1195,7 @@ muxserver_listen(void) close(muxserver_sock); muxserver_sock = -1; } + xfree(orig_control_path); xfree(options.control_path); options.control_path = NULL; options.control_master = SSHCTL_MASTER_NO;

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot