[Bug 2824] New: Add a configuration option / hook that will enable running a shell command / script right before connecting

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Jan 24 02:14:31 AEDT 2018 

https://bugzilla.mindrot.org/show_bug.cgi?id=2824

            Bug ID: 2824
           Summary: Add a configuration option / hook that will enable
                    running a shell command / script right before
                    connecting
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: doron.behar at gmail.com

I've come to realize this feature is needed after encountering two bug
reports ([1][br1] and [2][br2]) and a [stackoverflow question][1].

I'm a GnuPG user and I use the ssh support of gpg-agent. It is
documented in [GnuPG's website][2] and on [Arch Linux' wiki][3] the
following:

> SSH has no way to tell the gpg-agent what terminal or X display it is running on. So when remotely logging into a box where a gpg-agent with SSH support is running, the pinentry will get popped up on whatever display the gpg-agent has been started.

The workaround used by gpg-agent (with ssh support) users is telling
gpg-agent to update the tty it is connected to (using the command:
`gpg-connect-agent updatestartuptty /bye`).

The [stackoverflow question][1] relates to authentication of the user
on the local machine to the network (using `kinit`) right before
connecting.

What if there was actually a 'BeforeHook' configuration option that
will enable users to run a certain command right before connecting to a
certain host or in general? It could help gpg-agent users and kinit
users as well.

Right now, users of gpg-agent with ssh agent emulated need to run these
commands every time they want to authenticate themselves. In my case,
because I use tmux most of the time and because the tty is changed for
every pane I use, I need to update the tty gpg-agent is connected to
every time I change the pane. That's really annoying and it can easily
be fixed with a hook like above.

[br1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851440
[br2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854376

[1]:
https://stackoverflow.com/questions/32574142/can-i-set-up-a-before-hook-on-certain-ssh-hosts
[2]:
https://www.gnupg.org/documentation/manuals/gnupg/Common-Problems.html
[3]: https://wiki.archlinux.org/index.php/GnuPG#SSH_agent

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list