[Bug 3000] New: Redirect of ProxyCommands' stderr to /dev/null hides useful information
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Apr 30 00:31:46 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=3000
Bug ID: 3000
Summary: Redirect of ProxyCommands' stderr to /dev/null hides
useful information
Product: Portable OpenSSH
Version: 8.0p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: jroquet at arkanosis.net
Hi,
8.0p1 introduces that change (from the release notes¹):
* ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is
started with ControlPersist; prevents random ProxyCommand output
from interfering with session output.
I'm sure there are very good reasons to do that, however it has the
annoying side effect of hiding information that may otherwise be
useful.
Having updated yesterday, I've been missing two things already:
- the output generated by SSH's own VisualHostKey, which is printed to
stderr;
- the instructions sent on stderr by some SSH bastion I've no control
over, about how to use its proprietary 2FA (namely RSA SecurID).
I could probably live without the former (that's just a handy visual
clue I'm accustomed to), but I'm kind of lost without the latter,
because there's nothing standard in how that bastion expects me to
reply to the password prompt.
I can see plenty of other cases where stderr could be important for
ProxyCommands, starting with actual error messages one would expect to
find here.
Is there some subtlety I've missed here? Or any way to prevent stderr
from being hidden? I guess I could redirect it to stdout right in the
ProxyCommand, but that seems a bit “hacky”…
Thanks!
¹ https://www.openssh.com/releasenotes.html
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list