[Bug 3542] New: Allow to redirect stderr only even with tty

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Feb 18 02:45:25 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3542

            Bug ID: 3542
           Summary: Allow to redirect stderr only even with tty
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: cadeaudeelie at gmail.com

The use case:

We use bastion that will enter `exec su -` and enter the root password
when login with a tty. This help us having `PermitRootLogin no`
however once in tty stdout and stderr are multiplexed in this tty.

this elevation scenario doesn't execute when scp or sftp is used. The
solution is to send raw data to first call `stty raw` to transform the
tty as pipe and the we exec the command `dd of=target` (maybe their is
a better way).
The command are sended with GNU expect and `interact` that connect
expect stdin to the ssh tty' stdin.

For splitting stdout and stderr we have can use solution like this:

https://unix.stackexchange.com/questions/653431/ssh-with-separate-stdin-stdout-stderr-and-tty

or use process substitution
https://tldp.org/LDP/abs/html/process-sub.html
with `2> >(sed 's|.*|stderr:&|')` and then resplit locally. This does
incur a bit overhead.





The request:
- could we have regular fd (guarded behind a flag because it seems
uncommon) and having tty.
- Or allow fd 2 to not be attached to the tty

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list