[openssh-commits] [openssh] 15/20: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed May 31 14:57:12 AEST 2017
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 1112b534a6a7a07190e497e6bf86b0d5c5fb02dc
Author: bluhm at openbsd.org <bluhm at openbsd.org>
Date: Tue May 30 18:58:37 2017 +0000
upstream commit
Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line. This
command will be executed on the remote host. The feature allows to automate
tasks using ssh config. OK markus@
Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
---
readconf.c | 13 +++++++++++--
readconf.h | 3 ++-
ssh.1 | 5 +++--
ssh.c | 40 ++++++++++++++++++++++++++++++++--------
ssh_config.5 | 12 ++++++++++--
5 files changed, 58 insertions(+), 15 deletions(-)
diff --git a/readconf.c b/readconf.c
index 4be5327a..b11c628f 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.276 2017/05/20 02:35:47 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.277 2017/05/30 18:58:37 bluhm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -163,7 +163,8 @@ typedef enum {
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
- oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+ oTunnel, oTunnelDevice,
+ oLocalCommand, oPermitLocalCommand, oRemoteCommand,
oVisualHostKey,
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
@@ -284,6 +285,7 @@ static struct {
{ "tunneldevice", oTunnelDevice },
{ "localcommand", oLocalCommand },
{ "permitlocalcommand", oPermitLocalCommand },
+ { "remotecommand", oRemoteCommand },
{ "visualhostkey", oVisualHostKey },
{ "kexalgorithms", oKexAlgorithms },
{ "ipqos", oIPQoS },
@@ -1440,6 +1442,10 @@ parse_keytypes:
intptr = &options->permit_local_command;
goto parse_flag;
+ case oRemoteCommand:
+ charptr = &options->remote_command;
+ goto parse_command;
+
case oVisualHostKey:
intptr = &options->visual_host_key;
goto parse_flag;
@@ -1828,6 +1834,7 @@ initialize_options(Options * options)
options->tun_remote = -1;
options->local_command = NULL;
options->permit_local_command = -1;
+ options->remote_command = NULL;
options->add_keys_to_agent = -1;
options->identity_agent = NULL;
options->visual_host_key = -1;
@@ -2032,6 +2039,7 @@ fill_default_options(Options * options)
} \
} while(0)
CLEAR_ON_NONE(options->local_command);
+ CLEAR_ON_NONE(options->remote_command);
CLEAR_ON_NONE(options->proxy_command);
CLEAR_ON_NONE(options->control_path);
CLEAR_ON_NONE(options->revoked_host_keys);
@@ -2509,6 +2517,7 @@ dump_client_config(Options *o, const char *host)
dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX);
dump_cfg_string(oLocalCommand, o->local_command);
+ dump_cfg_string(oRemoteCommand, o->remote_command);
dump_cfg_string(oLogLevel, log_level_name(o->log_level));
dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC);
#ifdef ENABLE_PKCS11
diff --git a/readconf.h b/readconf.h
index f47f5340..94dd427f 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.121 2017/04/30 23:18:22 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.122 2017/05/30 18:58:37 bluhm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -134,6 +134,7 @@ typedef struct {
char *local_command;
int permit_local_command;
+ char *remote_command;
int visual_host_key;
int request_tty;
diff --git a/ssh.1 b/ssh.1
index 10633d92..47cd0211 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.381 2017/05/05 10:41:58 naddy Exp $
-.Dd $Mdocdate: May 5 2017 $
+.\" $OpenBSD: ssh.1,v 1.382 2017/05/30 18:58:37 bluhm Exp $
+.Dd $Mdocdate: May 30 2017 $
.Dt SSH 1
.Os
.Sh NAME
@@ -518,6 +518,7 @@ For full details of the options listed below, and their possible values, see
.It PubkeyAcceptedKeyTypes
.It PubkeyAuthentication
.It RekeyLimit
+.It RemoteCommand
.It RemoteForward
.It RequestTTY
.It SendEnv
diff --git a/ssh.c b/ssh.c
index cfd6b70e..6137fd7d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.460 2017/05/30 08:52:19 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.461 2017/05/30 18:58:37 bluhm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -973,12 +973,6 @@ main(int ac, char **av)
}
}
- /* Cannot fork to background if no command. */
- if (fork_after_authentication_flag && buffer_len(&command) == 0 &&
- !no_shell_flag)
- fatal("Cannot fork into background without a command "
- "to execute.");
-
/*
* Initialize "log" output. Since we are the client all output
* goes to stderr unless otherwise specified by -y or -E.
@@ -1133,6 +1127,15 @@ main(int ac, char **av)
options.use_privileged_port = 0;
#endif
+ if (buffer_len(&command) != 0 && options.remote_command != NULL)
+ fatal("Cannot execute command-line and remote command.");
+
+ /* Cannot fork to background if no command. */
+ if (fork_after_authentication_flag && buffer_len(&command) == 0 &&
+ options.remote_command == NULL && !no_shell_flag)
+ fatal("Cannot fork into background without a command "
+ "to execute.");
+
/* reinit */
log_init(argv0, options.log_level, options.log_facility, !use_syslog);
@@ -1141,7 +1144,7 @@ main(int ac, char **av)
tty_flag = 1;
/* Allocate a tty by default if no command specified. */
- if (buffer_len(&command) == 0)
+ if (buffer_len(&command) == 0 && options.remote_command == NULL)
tty_flag = options.request_tty != REQUEST_TTY_NO;
/* Force no tty */
@@ -1197,6 +1200,27 @@ main(int ac, char **av)
free(cp);
}
+ if (options.remote_command != NULL) {
+ debug3("expanding RemoteCommand: %s", options.remote_command);
+ cp = options.remote_command;
+ options.remote_command = percent_expand(cp,
+ "C", conn_hash_hex,
+ "L", shorthost,
+ "d", pw->pw_dir,
+ "h", host,
+ "l", thishost,
+ "n", host_arg,
+ "p", portstr,
+ "r", options.user,
+ "u", pw->pw_name,
+ (char *)NULL);
+ debug3("expanded RemoteCommand: %s", options.remote_command);
+ free(cp);
+ buffer_append(&command, options.remote_command,
+ strlen(options.remote_command));
+
+ }
+
if (options.control_path != NULL) {
cp = tilde_expand_filename(options.control_path,
original_real_uid);
diff --git a/ssh_config.5 b/ssh_config.5
index db37b92c..2c9e20fe 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.248 2017/05/07 23:12:57 djm Exp $
-.Dd $Mdocdate: May 7 2017 $
+.\" $OpenBSD: ssh_config.5,v 1.249 2017/05/30 18:58:37 bluhm Exp $
+.Dd $Mdocdate: May 30 2017 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -1287,6 +1287,14 @@ is
.Cm default none ,
which means that rekeying is performed after the cipher's default amount
of data has been sent or received and no time based rekeying is done.
+.It Cm RemoteCommand
+Specifies a command to execute on the remote machine after successfully
+connecting to the server.
+The command string extends to the end of the line, and is executed with
+the user's shell.
+The same escape character substitutions as for
+.Cm LocalCommand
+will be performed.
.It Cm RemoteForward
Specifies that a TCP port on the remote machine be forwarded over
the secure channel to the specified host and port from the local machine.
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list