[Bug 3782] New: Existing configs broken by baec3f7f4c60cd5aa1bb9adbeb6dfa4a172502a8

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=3782

            Bug ID: 3782
           Summary: Existing configs broken by
                    baec3f7f4c60cd5aa1bb9adbeb6dfa4a172502a8
           Product: Portable OpenSSH
           Version: 9.9p1
          Hardware: 68k
                OS: Mac OS X
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jmcrawford45 at gmail.com

With the recent change to the parser for match directives, some complex
configs that were working with previous releases no longer work. Here's
a simplified example Match demonstrating a couple of the
non-backwards-compatible changes:

```
Match Host %* exec "bash -c 'test -z $INSTANCE_SSH_DISABLED &&
cmd=$(instance-lookup --port %p -f  '\''instance-ssh --user %r --asg
'\'\\\'\''{{.Group}}'\'\\\'\'' '\'' %h) && eval $cmd'"
```

This no longer parses in 9.9p1 due to a lack of $ escaping and due to
an inconsistency on what types of quote escapes are allowed in both
versions. I spent a bit of time trying to get to a syntax that was both
forwards and backwards compatible, but I finally just gave up and
stuffed the command into a separate file so the Match simplifies to
e.g.

Match Host %* exec "bash ~/.ssh/instance-ssh.sh %p %r %h"

I don't know if there's a good forward fix for this as the parsers seem
to differ pretty significantly, but I just wanted to call it out as a
breaking change and give the separate script file approach as a
workaround for settings that have to support configs for older versions
as well.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.