[Bug 3369] New: Local script, invoked via "Match ... exec <script>" is disconnected from stdin/stdout

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Nov 26 08:14:44 AEDT 2021 

https://bugzilla.mindrot.org/show_bug.cgi?id=3369

            Bug ID: 3369
           Summary: Local script, invoked via "Match ... exec <script>" is
                    disconnected from stdin/stdout
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: cponder at nvidia.com

For some context, here's my use-case:

I have an authentication_script that generates a temporary certificate
to log onto a remote system.
I want to call this automatically when I try to connect, *IF* the
certificate has expired.
Here's the entry I use in my ~/.ssh/config to make this happen:

      Match originalhost remote.site exec "test $(file.age %%h
~/.ssh/SITE/certificate) -gt 24" exec "gnome-terminal --
~/.ssh/SITE/authentication_script -o ~/.ssh/SITE/certificate"

This is a bit of a hack in that it runs the script inside a new
terminal-window.
I don't think I should have to do this, I'd like the password prompt to
come out after the command-line in the same session, analogous to what
I'd get when ssh asks for the password.
If I just try to execute the utility

     exec "~/.ssh/SITE/authentication_script -o
~/.ssh/SITE/certificate"

though, I get these error-messages:

     stty: 'standard input': Inappropriate ioctl for device
     stty: 'standard input': Inappropriate ioctl for device
     authentication_script: The sshproxy server said: Authentication
failed. Failed login: myname: 
     authentication_script: This usually means you did not enter the
correct password or OTP: 
     stty: 'standard input': Inappropriate ioctl for device
     stty: 'standard input': Inappropriate ioctl for device
     stty: 'standard input': Inappropriate ioctl for device
     authentication_script: The sshproxy server said: Authentication
failed. Failed login: myname: 
     authentication_script: This usually means you did not enter the
correct password or OTP: 
     stty: 'standard input': Inappropriate ioctl for device

My understanding is that the stdin & stdout have been severed from the
exec-shell where the utility is executed.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list