[Bug 3542] New: Allow to redirect stderr only even with tty
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Feb 18 02:45:25 AEDT 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3542
Bug ID: 3542
Summary: Allow to redirect stderr only even with tty
Product: Portable OpenSSH
Version: 9.1p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: cadeaudeelie at gmail.com
The use case:
We use bastion that will enter `exec su -` and enter the root password
when login with a tty. This help us having `PermitRootLogin no`
however once in tty stdout and stderr are multiplexed in this tty.
this elevation scenario doesn't execute when scp or sftp is used. The
solution is to send raw data to first call `stty raw` to transform the
tty as pipe and the we exec the command `dd of=target` (maybe their is
a better way).
The command are sended with GNU expect and `interact` that connect
expect stdin to the ssh tty' stdin.
For splitting stdout and stderr we have can use solution like this:
https://unix.stackexchange.com/questions/653431/ssh-with-separate-stdin-stdout-stderr-and-tty
or use process substitution
https://tldp.org/LDP/abs/html/process-sub.html
with `2> >(sed 's|.*|stderr:&|')` and then resplit locally. This does
incur a bit overhead.
The request:
- could we have regular fd (guarded behind a flag because it seems
uncommon) and having tty.
- Or allow fd 2 to not be attached to the tty
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list