ProxyJump may construct erroneous ProxyCommand
Hello,

On macOS, Terminal’s “New Remote Connection…” command runs ssh in a new window like this:

login -pfq $USER /usr/bin/ssh $HOST

Here, login executes /usr/bin/ssh with argv[0] set to “-ssh”.

If $HOST has a ProxyJump configuration, the resulting ProxyCommand is:

-ssh -W '[%h]:%p' $JUMP_HOST

Because of the leading hyphen, this fails to execute. If the user’s shell is zsh, the Terminal window shows:

zsh:1: unknown exec flag -s

Would it make sense to ignore any leading hyphen when constructing the ProxyCommand from ProxyJump?

% ssh -V
OpenSSH_9.4p1, LibreSSL 3.3.6

--
Rob Leslie
rob@mars.org

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
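The behaviour reported above, as an added example that is not OpenSSH code and not part of the original post: it formats the ProxyCommand string shown in the message from a login-style argv[0], then again after normalising the name. The helpers `pick_sshbin` and `build_proxycommand` and the host `jump.example` are hypothetical.

```c
/* Added illustration, not OpenSSH source: how a login-style argv[0]
 * ends up at the front of the ProxyCommand built for ProxyJump. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: choose the program name for the ProxyCommand. */
static const char *
pick_sshbin(const char *argv0)
{
	const char *bin = argv0;

	/* Login convention: argv[0] is "-" followed by the program name. */
	if (*bin == '-')
		bin++;
	/* Nothing left after the hyphen: use the PATH default. */
	if (*bin == '\0')
		return "ssh";
	/* A path that is not executable cannot be re-run. */
	if (strchr(bin, '/') != NULL && access(bin, X_OK) != 0)
		return "ssh";
	return bin;
}

/* Format "<bin> -W '[%h]:%p' <jump>" as in the thread; -1 on truncation. */
static int
build_proxycommand(char *out, size_t len, const char *bin, const char *jump)
{
	int n = snprintf(out, len, "%s -W '[%%h]:%%p' %s", bin, jump);

	return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int
main(void)
{
	char naive[256], fixed[256];
	const char *argv0 = "-ssh";	/* constructed: what login passes */

	build_proxycommand(naive, sizeof(naive), argv0, "jump.example");
	build_proxycommand(fixed, sizeof(fixed), pick_sshbin(argv0), "jump.example");
	printf("argv[0] as-is: %s\nnormalised:    %s\n", naive, fixed);
	return 0;
}
```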
Re: ProxyJump may construct erroneous ProxyCommand
On Sat, 13 Jan 2024, Rob Leslie wrote:

> Hello,
>
> On macOS, Terminal’s “New Remote Connection…” command runs ssh in a new window like this:
>
> login -pfq $USER /usr/bin/ssh $HOST
>
> Here, login executes /usr/bin/ssh with argv[0] set to “-ssh”.
>
> If $HOST has a ProxyJump configuration, the resulting ProxyCommand is:
>
> -ssh -W '[%h]:%p' $JUMP_HOST
>
> Because of the leading hyphen, this fails to execute. If the user’s shell is zsh, the Terminal window shows:
>
> zsh:1: unknown exec flag -s
>
> Would it make sense to ignore any leading hyphen when constructing the ProxyCommand from ProxyJump?
>
> % ssh -V
> OpenSSH_9.4p1, LibreSSL 3.3.6

This sounds more like a problem in OSX Terminal.app than ssh. We could do
something like this:


diff --git a/ssh.c b/ssh.c
index 48d93ddf2..7cd498f84 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1313,7 +1313,7 @@ main(int ac, char **av)
* Try to use SSH indicated by argv[0], but fall back to
* "ssh" if it appears unavailable.
*/
- if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
+ if (access(argv0, X_OK) != 0)
sshbin = "ssh";

/* Consistency check */
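
Review bot: on the + line, dropping the strchr(argv0, '/') test makes access() run on a bare argv0 such as "ssh" or "-ssh", and access() resolves a name without a slash relative to the current directory rather than PATH. The fallback to "ssh" would then fire for nearly every PATH-based invocation (losing a differently named binary), while a file called -ssh in the working directory would keep the hyphenated name. Keep the slash test and handle the leading hyphen as a separate, explicit step.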
Re: ProxyJump may construct erroneous ProxyCommand
On Mon, 15 Jan 2024, Damien Miller wrote:

> On Sat, 13 Jan 2024, Rob Leslie wrote:
>
> > Hello,
> >
> > On macOS, Terminal’s “New Remote Connection…” command runs ssh in a new window like this:
> >
> > login -pfq $USER /usr/bin/ssh $HOST
> >
> > Here, login executes /usr/bin/ssh with argv[0] set to “-ssh”.
> >
> > If $HOST has a ProxyJump configuration, the resulting ProxyCommand is:
> >
> > -ssh -W '[%h]:%p' $JUMP_HOST
> >
> > Because of the leading hyphen, this fails to execute. If the user’s shell is zsh, the Terminal window shows:
> >
> > zsh:1: unknown exec flag -s
> >
> > Would it make sense to ignore any leading hyphen when constructing the ProxyCommand from ProxyJump?
> >
> > % ssh -V
> > OpenSSH_9.4p1, LibreSSL 3.3.6
>
> This sounds more like a problem in OSX Terminal.app than ssh. We could do
> something like this:

actually, that won't work at all :(
Re: ProxyJump may construct erroneous ProxyCommand
> On Jan 14, 2024, at 2:14 PM, Damien Miller <djm@mindrot.org> wrote:
>
> On Sat, 13 Jan 2024, Rob Leslie wrote:
>
>> Hello,
>>
>> On macOS, Terminal’s “New Remote Connection…” command runs ssh in a new window like this:
>>
>> login -pfq $USER /usr/bin/ssh $HOST
>>
>> Here, login executes /usr/bin/ssh with argv[0] set to “-ssh”.
>>
>> If $HOST has a ProxyJump configuration, the resulting ProxyCommand is:
>>
>> -ssh -W '[%h]:%p' $JUMP_HOST
>>
>> Because of the leading hyphen, this fails to execute. If the user’s shell is zsh, the Terminal window shows:
>>
>> zsh:1: unknown exec flag -s
>>
>> Would it make sense to ignore any leading hyphen when constructing the ProxyCommand from ProxyJump?
>>
>> % ssh -V
>> OpenSSH_9.4p1, LibreSSL 3.3.6
>
> This sounds more like a problem in OSX Terminal.app than ssh.

I’m not sure why Terminal.app invokes login rather than ssh directly, but I think executing a program with the first character of argv[0] set to a hyphen to indicate a login session is not an uncommon convention.

> We could do something like this:
>
>
> diff --git a/ssh.c b/ssh.c
> index 48d93ddf2..7cd498f84 100644
> --- a/ssh.c
> +++ b/ssh.c
> @@ -1313,7 +1313,7 @@ main(int ac, char **av)
> * Try to use SSH indicated by argv[0], but fall back to
> * "ssh" if it appears unavailable.
> */
> - if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
> + if (access(argv0, X_OK) != 0)
> sshbin = "ssh";
>
> /* Consistency check */


I was thinking perhaps something like this:


diff --git a/ssh.c b/ssh.c
index 0019281f4..4c80e0df6 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1313,7 +1313,9 @@ main(int ac, char **av)
* Try to use SSH indicated by argv[0], but fall back to
* "ssh" if it appears unavailable.
*/
- if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
+ if (*sshbin == '-')
+ ++sshbin;
+ if (strchr(sshbin, '/') != NULL && access(sshbin, X_OK) != 0)
sshbin = "ssh";
/* Consistency check */
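
Review bot: the added lines `if (*sshbin == '-')` / `++sshbin;` leave sshbin as an empty string when argv[0] is exactly "-", and the strchr() test that follows does not catch it because an empty string contains no slash, so the ProxyCommand would begin with no program name. Add a check such as `if (*sshbin == '\0') sshbin = "ssh";` after the increment, and extend the comment above the test to say that the hyphen being skipped is the login-session marker.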

Re: ProxyJump may construct erroneous ProxyCommand
Hello Rob,

Rob Leslie wrote:
> Hello,
>
> On macOS, Terminal’s “New Remote Connection…” command runs ssh in a new window like this:
>
> login -pfq $USER /usr/bin/ssh $HOST

Is there a way to start a non-login session?


> Here, login executes /usr/bin/ssh with argv[0] set to “-ssh”.
>
> [snip]

Regards,
Roumen Petrov

--
Advanced secure shell implementation with X.509 certificate support
http://roumenpetrov.info/secsh/

Re: ProxyJump may construct erroneous ProxyCommand
Hello Roumen,

> On Jan 15, 2024, at 12:10 PM, Roumen Petrov <openssh@roumenpetrov.info> wrote:
>
> Hello Rob,
>
> Rob Leslie wrote:
>>
>> On macOS, Terminal’s “New Remote Connection…” command runs ssh in a new window like this:
>>
>> login -pfq $USER /usr/bin/ssh $HOST
>
> Is there a way to start a non-login session?

Yes, there is an alternative method using “New Command…” which has an option to run the command inside a shell, but such sessions do not have the nice property of being automatically resumed when Terminal.app is restarted in the same way sessions started with “New Remote Connection…” are.

--
Rob Leslie
rob@mars.org

Re: ProxyJump may construct erroneous ProxyCommand
> On Jan 14, 2024, at 8:35 PM, Rob Leslie <rob@mars.org> wrote:
>
>> On Jan 14, 2024, at 2:14 PM, Damien Miller <djm@mindrot.org> wrote:
>>
>> We could do something like this:
>>
>>
>> diff --git a/ssh.c b/ssh.c
>> index 48d93ddf2..7cd498f84 100644
>> --- a/ssh.c
>> +++ b/ssh.c
>> @@ -1313,7 +1313,7 @@ main(int ac, char **av)
>> * Try to use SSH indicated by argv[0], but fall back to
>> * "ssh" if it appears unavailable.
>> */
>> - if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
>> + if (access(argv0, X_OK) != 0)
>> sshbin = "ssh";
>>
>> /* Consistency check */
>
>
> I was thinking perhaps something like this:
>
>
> diff --git a/ssh.c b/ssh.c
> index 0019281f4..4c80e0df6 100644
> --- a/ssh.c
> +++ b/ssh.c
> @@ -1313,7 +1313,9 @@ main(int ac, char **av)
> * Try to use SSH indicated by argv[0], but fall back to
> * "ssh" if it appears unavailable.
> */
> - if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
> + if (*sshbin == '-')
> + ++sshbin;
> + if (strchr(sshbin, '/') != NULL && access(sshbin, X_OK) != 0)
> sshbin = "ssh";
> /* Consistency check */

Was there no love for this in OpenSSH 9.7?

--
Rob Leslie
rob@mars.org
