From malte.forkel at berlin.de Wed Dec 2 05:53:16 2009
From: malte.forkel at berlin.de (Malte Forkel)
Date: Tue, 01 Dec 2009 19:53:16 +0100
Subject: How to modify environment variables before executing a command
Message-ID:

Hi,

I'd like to access and modify shell environment variables before
executing a command on a remote host via ssh. Unfortunately, I can't
figure out the proper way to do this...

It seems, standard shell configuration files (e.g. ~/.bash_profile) are
not sourced before ssh executes a command. Of course I could explicitly
source them, e.g.

  ssh user@host 'source ~/.bash_profile; command'

But I don't like that because it delegates a server side configuration
task to the clients. Is there a way to achieve this in a more general
fashion on a per user basis?

I tried both ~/.ssh/environment and ~/.ssh/rc, as documented in the man
page. But ~/.ssh/environment only works for static variables and I
didn't manage to export variables defined in ~/.ssh/rc.

For example, if I have these files in my home directory on server

  # ~/.ssh/environment
  VAR1=$(date)

and

  # ~/.ssh/rc
  VAR2=$(date)
  export VAR2

then executing env from the client via

  ssh malte@server env | grep VAR

will result in

  VAR1=$(date)

i.e., VAR1 is passed literally while VAR2 is not available.

And where are the variables defined that I see when executing

  ssh user@server env

Among them are

  SHELL=/bin/bash
  PWD=/home/malte

Thanks in advance,
Malte

From scott_n at xypro.com Thu Dec 3 04:32:02 2009
From: scott_n at xypro.com (Scott Neugroschl)
Date: Wed, 2 Dec 2009 09:32:02 -0800
Subject: ENGINE support?
Message-ID: <78DD71C304F38B41885A242996B96F7302095AF8@xyservd.XYPRO-23.LOCAL>

I'm trying to add an ENGINE to OpenSSH, and am looking at scard.c and
scard-opensc.c as an example.

I have a couple of questions --

1. in both of them, in sc_get_engine(), the returned ENGINE is declared
   static, but it's overwritten each call. Is sc_get_engine intended to
   be called only once? When is ENGINE_free() called?

2. Where is the returned ENGINE used? Where is it hooked into OpenSSL?

----
Scott Neugroschl
XYPRO Technology Corporation
scott_n at xypro.com
805-583-2874

From malte.forkel at berlin.de Thu Dec 3 05:25:09 2009
From: malte.forkel at berlin.de (Malte Forkel)
Date: Wed, 02 Dec 2009 19:25:09 +0100
Subject: How to modify environment variables before executing a command
In-Reply-To:
References:
Message-ID:

>> I'd like to access and modify shell environment variables before
>> executing a command on a remote host via ssh. Unfortunately, I can't
>> figure out the proper way to do this...

Thanks for the suggestions I received!

Karlan T. Mitchell wrote:
> ~/.bashrc I believe. Profile is for local terminals.....pretty sure at
> least. Hope this helps

Jim Rees wrote:
> The bash man page suggests you should be able to do this:
> ~/.ssh/environment
> BASH_ENV=.bash_profile

I extended my test scenario to four configuration files on the server:

  # .ssh/environment
  VAR1=$(date)
  BASH_ENV=~/.ssh/ssh_profile

  # .ssh/rc
  echo ".ssh/rc"
  VAR2=$(date)
  export VAR2

  # .bashrc
  echo ".bashrc"
  VAR3=$(date)
  export VAR3

  # ~/.ssh/ssh_profile
  echo ".ssh/ssh_profile"
  VAR4=$(date)
  export VAR4

Now, when I execute

  $ ssh server env | grep -E -e '^\.' -e VAR

I get

  .ssh/ssh_profile
  .ssh/rc
  .bashrc
  VAR1=$(date)
  VAR3=Mi 2. Dez 18:16:33 CET 2009

So all four files are read or sourced, respectively.

I hadn't noticed that ~/.bashrc is sourced because it starts with

  # If not running interactively, don't do anything
  [ -z "$PS1" ] && return

which terminates it in the ssh context. But above that test I could
insert a test for some flag set in .ssh/environment and setup the shell
variables I need for ssh. Still, that seems a little awkward as .bashrc
is sourced every time any shell is created with the default
configuration files. I'm still looking for a more ssh-specific solution.

Unfortunately, the variables exported from the two ssh-specific files
.ssh/rc and .ssh/ssh_profile don't make it into the environment. Why is
that?

A secondary problem with using BASH_ENV could be that its value is
evaluated by every non-interactive shell.
So, if I use ssh to login to the server and then run a script with bash,
the file specified by BASH_ENV is sourced. For example, with the above
setup:

  $ echo "echo foo" > say_foo.sh
  $ bash say_foo.sh
  .ssh/ssh_profile
  foo

Any more suggestions on how to modify environment variables before
executing a command via ssh?

Thanks,
Malte

From peter at stuge.se Thu Dec 3 07:06:30 2009
From: peter at stuge.se (Peter Stuge)
Date: Wed, 2 Dec 2009 21:06:30 +0100
Subject: How to modify environment variables before executing a command
In-Reply-To:
References:
Message-ID: <20091202200630.4711.qmail@stuge.se>

Malte Forkel wrote:
> Any more suggestions on how to modify environment variables before
> executing a command via ssh?

You can use SendEnv in the client configuration. But the server must
also AcceptEnv those same variables.

//Peter

From deengert at anl.gov Thu Dec 3 07:26:17 2009
From: deengert at anl.gov (Douglas E. Engert)
Date: Wed, 02 Dec 2009 14:26:17 -0600
Subject: How to modify environment variables before executing a command
In-Reply-To:
References:
Message-ID: <4B16CD69.3090701@anl.gov>

Malte Forkel wrote:
>
> Any more suggestions on how to modify environment variables before
> executing a command via ssh?
>

SSH will set the SSH_CLIENT, SSH_TTY and SSH_CONNECTION
So you can tell if this is an ssh session.

~/.bashrc is always run, and $- on my Ubuntu is hBc
the first time. If it's interactive, ~/.bash_profile is then run and
$- is himBH.

Some systems might run /etc/profile as well, so tests are needed
try echo $-

So your .bashrc could test for SSH_CLIENT, and $- for c
and set what it wants. It could also set MY_ENV_HAS_BEEN_SET=1
so you only run your code once at the start of a session.

> Thanks, Malte
>
>
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>

--
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

From malte.forkel at berlin.de Thu Dec 3 08:08:45 2009
From: malte.forkel at berlin.de (Malte Forkel)
Date: Wed, 02 Dec 2009 22:08:45 +0100
Subject: How to modify environment variables before executing a command
In-Reply-To: <20091202200630.4711.qmail@stuge.se>
References: <20091202200630.4711.qmail@stuge.se>
Message-ID:

Peter Stuge wrote:
> Malte Forkel wrote:
>> Any more suggestions on how to modify environment variables before
>> executing a command via ssh?
>
> You can use SendEnv in the client configuration. But the server must
> also AcceptEnv those same variables.

The command I execute via ssh installs packages into a repository on the
server. The environment variable I'd like to be able to modify is used
to access an instance of gpg-agent on the server. So unfortunately,
SendEnv does not help me in this case because the value of the
environment variable is known/created on the server.

Malte

From malte.forkel at berlin.de Thu Dec 3 08:22:25 2009
From: malte.forkel at berlin.de (Malte Forkel)
Date: Wed, 02 Dec 2009 22:22:25 +0100
Subject: How to modify environment variables before executing a command
In-Reply-To: <4B16CD69.3090701@anl.gov>
References: <4B16CD69.3090701@anl.gov>
Message-ID:

Douglas E. Engert wrote:
>
> SSH will set the SSH_CLIENT, SSH_TTY and SSH_CONNECTION
> So you can tell if this is an ssh session.
>
> ~/.bashrc is always run, and $- on my Ubuntu is hBc
> the first time. If it's interactive, ~/.bash_profile is then run and
> $- is himBH.
>
> Some systems might run /etc/profile as well, so tests are needed
> try echo $-
>
> So your .bashrc could test for SSH_CLIENT, and $- for c
> and set what it wants. It could also set MY_ENV_HAS_BEEN_SET=1
> so you only run your code once at the start of a session.
>

You're right. That way I wouldn't have to set a flag in .ssh/environment.

But I'm still somewhat reluctant to put ssh-specific code into .bashrc
which does not seem to be meant for non-interactive shells while I don't
understand why the ssh-specific configuration files can't export
variables.

Malte

From rees at merit.edu Thu Dec 3 08:42:05 2009
From: rees at merit.edu (Jim Rees)
Date: Wed, 2 Dec 2009 16:42:05 -0500
Subject: How to modify environment variables before executing a command
In-Reply-To:
References: <4B16CD69.3090701@anl.gov>
Message-ID: <20091202214205.GA15235@merit.edu>

Malte Forkel wrote:

  But I'm still somewhat reluctant to put ssh-specific code into .bashrc
  which does not seem to be meant for non-interactive shells while I don't
  understand why the ssh-specific configuration files can't export
  variables.

Ssh has no problem exporting env vars, as you have discovered. Just put
them in .ssh/environment. You are trying to do something bash-specific in
your ssh config file:

  VAR1=$(date)

That's not going to work. If you want to run bash code, you have to put it
in a bash config file, not in an ssh config file.

From carson at taltos.org Sat Dec 5 20:42:38 2009
From: carson at taltos.org (Carson Gaspar)
Date: Sat, 05 Dec 2009 10:42:38 +0100
Subject: How to modify environment variables before executing a command
In-Reply-To: <20091202214205.GA15235@merit.edu>
References: <4B16CD69.3090701@anl.gov> <20091202214205.GA15235@merit.edu>
Message-ID: <4B1A2B0E.2070402@taltos.org>

Jim Rees wrote:
> Ssh has no problem exporting env vars, as you have discovered. Just put
> them in .ssh/environment. You are trying to do something bash-specific in
> your ssh config file:
>
> VAR1=$(date)
>
> That's not going to work. If you want to run bash code, you have to put it
> in a bash config file, not in an ssh config file.

That's not bash-specific, that's POSIX. The "problem" is that
.ssh/environment is not shell code, it's just a set of key/value pairs.
Read the man page, it will help ;-)

If you want something to happen in your SSH session, and don't want it to
happen during normal shells, why don't you just ask for it in your remote
command? e.g. instead of doing "ssh myserver mycmd" do "ssh myserver
'source myconfig && mycmd'". Otherwise modify your shell config as many
other folks have said, making its execution conditional on its environment.

From christian.pfaffel-janser at siemens.com Mon Dec 7 06:03:13 2009
From: christian.pfaffel-janser at siemens.com (Pfaffel-Janser, Christian)
Date: Sun, 6 Dec 2009 20:03:13 +0100
Subject: How to modify environment variables before executing a command
References: <4B16CD69.3090701@anl.gov> <20091202214205.GA15235@merit.edu> <4B1A2B0E.2070402@taltos.org>
Message-ID: <1B8AF39CACF71744BE07006131091BBE0211C4DB@atnets15na.ww300.siemens.net>

Hi,

You might want to use ~/.ssh/rc

See sshd(8) for details.

Christian

-----Original Message-----
From: openssh-unix-dev-bounces+christian.pfaffel-janser=siemens.com at mindrot.org on behalf of Carson Gaspar
Sent: Sat 2009-12-05 10:42
To: openssh-unix-dev at mindrot.org
Subject: Re: How to modify environment variables before executing a command

Jim Rees wrote:
> Ssh has no problem exporting env vars, as you have discovered. Just put
> them in .ssh/environment. You are trying to do something bash-specific in
> your ssh config file:
>
> VAR1=$(date)
>
> That's not going to work. If you want to run bash code, you have to put it
> in a bash config file, not in an ssh config file.

That's not bash-specific, that's POSIX. The "problem" is that
.ssh/environment is not shell code, it's just a set of key/value pairs.
Read the man page, it will help ;-)

If you want something to happen in your SSH session, and don't want it to
happen during normal shells, why don't you just ask for it in your remote
command? e.g. instead of doing "ssh myserver mycmd" do "ssh myserver
'source myconfig && mycmd'". Otherwise modify your shell config as many
other folks have said, making its execution conditional on its environment.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

From devang at teaksi.com Fri Dec 11 23:18:04 2009
From: devang at teaksi.com (Devang Modi)
Date: Fri, 11 Dec 2009 17:48:04 +0530
Subject: Your Valuable Inputs
Message-ID:

Dear Friend;

We are using SSH as a main service on one of our Red Hat linux 9 based
server. The version is "$OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 ".
You can see this is an older version but we are happy with it.

We are facing only one little issue with this which is "After 'login:
user id' inputting, server is taking almost 17 seconds before displaying
password request on client's screen back". In short we can say delay
between User ID inputting and Password demanding. We concluded it after
usage of more than one different SSH Client software.

Can you tell me why it is so? For your reference I am sending
configuration files herewith. Please help me by giving your best inputs
and suggestions over it.

Heartily thanks

--
Devang Modi
Teak System Incorporated

From williamv at opera.com Sat Dec 12 00:36:44 2009
From: williamv at opera.com (William Viker)
Date: Fri, 11 Dec 2009 14:36:44 +0100
Subject: Your Valuable Inputs
In-Reply-To:
References:
Message-ID:

On Fri, 11 Dec 2009 13:18:04 +0100, Devang Modi wrote:

> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /root/.ssh/identity ((nil))
> debug2: key: /root/.ssh/id_rsa ((nil))
> debug2: key: /root/.ssh/id_dsa ((nil))
>( TAKES A LONG TIME )
>debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug3: start over, passed a different list
> publickey,password,keyboard-interactive
> debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/identity

This is the debug from the ssh *client*, right? I think it would be more
interesting to see debug from the server.

- A long shot in case you haven't checked: Are your DNS servers working
  properly? It might have to wait for a dns lookup or something like that.

--
William Viker

From imorgan at nas.nasa.gov Tue Dec 15 05:42:02 2009
From: imorgan at nas.nasa.gov (Iain Morgan)
Date: Mon, 14 Dec 2009 10:42:02 -0800
Subject: Argument processing with sftp
Message-ID: <20091214184202.GA25733@linux55.nas.nasa.gov>

Greetings,

One aspect of the recent sftp renovation which I don't recall being
discussed is its command-line argument processing. In particular, the
command-line syntax supports retrieving a file as follows:

  $ sftp hostA:file1 file2

But it does not support a similar syntax to send a file. In other words,

  $ sftp file1 hostA:file2

is not currently supported. Moreover, the following command does not do
what you might expect:

  $ sftp hostA:file1 hostB:file2

Instead of transferring a file between hostB and hostA, it retrieves a
file from hostA to the local host and names it hostB:file2.

Are there any plans to address this part of sftp's command-line syntax in
the near future? Since the stated goal is to make sftp a drop-in
replacement for scp, it would seem that these issues need to be addressed
at some point.

Thanks

--
Iain Morgan

From pyue at sympatico.ca Wed Dec 16 13:15:53 2009
From: pyue at sympatico.ca (Peter Yue)
Date: Tue, 15 Dec 2009 21:15:53 -0500
Subject: No ssh connection if the 1st DNS fails; 2nd DNS has no effect
Message-ID: <1260929753.6191.0.camel@pyue-7>

Hello,

I have googled and searched the openssh database. I could not find the
answer. Hence, I write this email.

I would like to know if ssh only looks for the primary DNS to resolve
the IP address and this is normal; this is for security purpose.

The following is what I tried:
---------------------------------
I used "ssh -v xxx.yyy.zzz" to connect. There was an error message:
"ssh: Could not resolve hostname xxx.yyy.zzz: Name or service not known"

If I use dot-quad (i.e., ssh 123.456.789.123), it worked.

I used "wireshark" to monitor the traffic. Wireshark showed that the
primary DNS could not resolve the address and returned "server failure".
Ssh then stopped without trying the secondary DNS.

When I "dig xxx.yyy.zzz" or "nslookup xxx", wireshark showed that the
primary DNS failed and returned "server failure". However, it immediately
asked the secondary DNS server listed in /etc/resolv.conf and I got the
correct IP.

Regards,

Peter Yue

From peter at stuge.se Wed Dec 16 18:33:03 2009
From: peter at stuge.se (Peter Stuge)
Date: Wed, 16 Dec 2009 08:33:03 +0100
Subject: No ssh connection if the 1st DNS fails; 2nd DNS has no effect
In-Reply-To: <1260929753.6191.0.camel@pyue-7>
References: <1260929753.6191.0.camel@pyue-7>
Message-ID: <20091216073303.25364.qmail@stuge.se>

Peter Yue wrote:
> I would like to know if ssh only looks for the primary DNS to
> resolve the IP address and this is normal; this is for security
> purpose.

ssh uses the getaddrinfo() system library function to resolve a name
into an IP address. How temporary DNS failures are handled by your
library is out of scope for ssh.

//Peter

From vinschen at redhat.com Thu Dec 17 20:47:37 2009
From: vinschen at redhat.com (Corinna Vinschen)
Date: Thu, 17 Dec 2009 10:47:37 +0100
Subject: [PATCH] contrib/cygwin/Makefile: Install ssh-copy-id
Message-ID: <20091217094737.GA14229@calimero.vinschen.de>

Hi,

could somebody with checkin rights please apply the below patch to the
Cygwin postinstall Makefile? The patch adds two changes:

- Install ssh-copy-id and ssh-copy-id.1 as well.
- Gzip all man pages.

Thanks in advance,
Corinna

Index: contrib/cygwin/Makefile =================================================================== RCS file: /cvs/openssh/contrib/cygwin/Makefile,v retrieving revision 1.4 diff -u -p -r1.4 Makefile --- contrib/cygwin/Makefile 1 Dec 2008 10:34:28 -0000 1.4 +++ contrib/cygwin/Makefile 17 Dec 2009 09:44:39 -0000 @@ -1,8 +1,10 @@ srcdir=../.. +copyidsrcdir=.. prefix=/usr exec_prefix=$(prefix) bindir=$(prefix)/bin datadir=$(prefix)/share +mandir=$(datadir)/man docdir=$(datadir)/doc sshdocdir=$(docdir)/openssh cygdocdir=$(docdir)/Cygwin 
@@ -59,5 +61,16 @@ install-scripts: ssh-host-config ssh-use $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config -cygwin-postinstall: move-config-files remove-empty-dir install-inetd-config install-doc install-scripts +install-copy-id: $(copyidsrcdir)/ssh-copy-id $(copyidsrcdir)/ssh-copy-id.1 + $(INSTALL) -m 755 $(copyidsrcdir)/ssh-copy-id $(DESTDIR)$(bindir)/ssh-copy-id + $(INSTALL) -m 644 $(copyidsrcdir)/ssh-copy-id.1 $(DESTDIR)$(mandir)/man1/ssh-copy-id.1 + +gzip-man-pages: + rm $(DESTDIR)$(mandir)/man1/slogin.1 + gzip $(DESTDIR)$(mandir)/man1/*.1 + gzip $(DESTDIR)$(mandir)/man5/*.5 + gzip $(DESTDIR)$(mandir)/man8/*.8 + cd $(DESTDIR)$(mandir)/man1 && ln -s ssh.1.gz slogin.1.gz + +cygwin-postinstall: move-config-files remove-empty-dir install-inetd-config install-doc install-scripts install-copy-id gzip-man-pages @echo "Cygwin specific configuration finished."

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

From peter at stuge.se Thu Dec 17 21:16:40 2009
From: peter at stuge.se (Peter Stuge)
Date: Thu, 17 Dec 2009 11:16:40 +0100
Subject: ssh-agent in Cygwin?
Message-ID: <20091217101640.3746.qmail@stuge.se>

Hi,

We're adding agent support to libssh2 and I'd like to know if the
OpenSSH ssh-agent runs also in Cygwin, and if so how it does IPC?
Pageant will be supported, but if it makes sense and there is little
overhead it would be nice to also cover Cygwin.

//Peter

From vinschen at redhat.com Thu Dec 17 22:09:29 2009
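Review bot: the gzip-man-pages target added by the second hunk of the contrib/cygwin/Makefile patch above is not re-runnable, because `rm $(DESTDIR)$(mandir)/man1/slogin.1` fails once slogin.1 is gone and `ln -s ssh.1.gz slogin.1.gz` fails once the link exists, so a second `make cygwin-postinstall` stops there. Suggest `rm -f` and `ln -sf`. In the same hunk, install-copy-id writes into $(DESTDIR)$(mandir)/man1 without creating it; if no earlier step guarantees that directory exists, add a mkdir before the install.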
From: vinschen at redhat.com (Corinna Vinschen)
Date: Thu, 17 Dec 2009 12:09:29 +0100
Subject: ssh-agent in Cygwin?
In-Reply-To: <20091217101640.3746.qmail@stuge.se>
References: <20091217101640.3746.qmail@stuge.se>
Message-ID: <20091217110929.GT8059@calimero.vinschen.de>

On Dec 17 11:16, Peter Stuge wrote:
> Hi,
>
> We're adding agent support to libssh2 and I'd like to know if the
> OpenSSH ssh-agent runs also in Cygwin, and if so how it does IPC?
> Pageant will be supported, but if it makes sense and there is little
> overhead it would be nice to also cover Cygwin.

I don't quite understand the question. Cygwin's ssh-agent is
working just like on other platforms, using AF_UNIX sockets.

Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

From peter at stuge.se Fri Dec 18 00:09:52 2009
From: peter at stuge.se (Peter Stuge)
Date: Thu, 17 Dec 2009 14:09:52 +0100
Subject: ssh-agent in Cygwin?
In-Reply-To: <20091217110929.GT8059@calimero.vinschen.de>
References: <20091217101640.3746.qmail@stuge.se> <20091217110929.GT8059@calimero.vinschen.de>
Message-ID: <20091217130952.2169.qmail@stuge.se>

Corinna Vinschen wrote:
> > We're adding agent support to libssh2 and I'd like to know if the
> > OpenSSH ssh-agent runs also in Cygwin, and if so how it does IPC?
> > Pageant will be supported, but if it makes sense and there is little
> > overhead it would be nice to also cover Cygwin.
>
> I don't quite understand the question. Cygwin's ssh-agent is
> working just like on other platforms, using AF_UNIX sockets.

Ok! Are those sockets somehow reachable from native win32?

//Peter

From vinschen at redhat.com Fri Dec 18 00:52:08 2009
From: vinschen at redhat.com (Corinna Vinschen)
Date: Thu, 17 Dec 2009 14:52:08 +0100
Subject: ssh-agent in Cygwin?
In-Reply-To: <20091217130952.2169.qmail@stuge.se>
References: <20091217101640.3746.qmail@stuge.se> <20091217110929.GT8059@calimero.vinschen.de> <20091217130952.2169.qmail@stuge.se>
Message-ID: <20091217135208.GA18144@calimero.vinschen.de>

On Dec 17 14:09, Peter Stuge wrote:
> Corinna Vinschen wrote:
> > > We're adding agent support to libssh2 and I'd like to know if the
> > > OpenSSH ssh-agent runs also in Cygwin, and if so how it does IPC?
> > > Pageant will be supported, but if it makes sense and there is little
> > > overhead it would be nice to also cover Cygwin.
> >
> > I don't quite understand the question. Cygwin's ssh-agent is
> > working just like on other platforms, using AF_UNIX sockets.
>
> Ok! Are those sockets somehow reachable from native win32?

No. Why is that necessary? libssh2 should be usable within the Cygwin
POSIX layer without using any native Win32 functions. Please treat the
Cygwin target like any other POSIX target, just like BSD, Linux,
Solaris, etc. Don't treat it as a Win32 target.

Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

From peter at stuge.se Fri Dec 18 01:09:18 2009
From: peter at stuge.se (Peter Stuge)
Date: Thu, 17 Dec 2009 15:09:18 +0100
Subject: ssh-agent in Cygwin?
In-Reply-To: <20091217135208.GA18144@calimero.vinschen.de>
References: <20091217101640.3746.qmail@stuge.se> <20091217110929.GT8059@calimero.vinschen.de> <20091217130952.2169.qmail@stuge.se> <20091217135208.GA18144@calimero.vinschen.de>
Message-ID: <20091217140918.12932.qmail@stuge.se>

Corinna Vinschen wrote:
> > > I don't quite understand the question. Cygwin's ssh-agent is
> > > working just like on other platforms, using AF_UNIX sockets.
> >
> > Ok! Are those sockets somehow reachable from native win32?
>
> No. Why is that necessary? libssh2 should be usable within the Cygwin
> POSIX layer without using any native Win32 functions.

Yes, but I'm thinking of the case where a win32 app is using libssh2
and there is an ssh-agent in Cygwin. If not too difficult, it would
be nice to make that too work. (win32 app+pageant and cygwin
app+cygwin ssh-agent should work already, this is another case.)

//Peter

From agc at pkgsrc.org Fri Dec 18 11:16:29 2009
From: agc at pkgsrc.org (Alistair Crooks)
Date: Fri, 18 Dec 2009 01:16:29 +0100
Subject: [agc@NetBSD.org: CVS commit: src/crypto/external/bsd/openssh/dist]
Message-ID: <20091218001628.GA19573@nef.pbox.org>

Hi,

I applied the following minor diff to preserve the value of the extern
variable across calls to process_sign_request2() in ssh-agent.c.

I've no idea if the attachment of the attachment will come out correctly
so a cvs diff is also attached.

Regards,
Alistair

-------------- next part --------------
An embedded message was scrubbed...
From: "Alistair G. Crooks"
Subject: CVS commit: src/crypto/external/bsd/openssh/dist
Date: Thu, 17 Dec 2009 15:55:16 +0000
Size: 3593
URL:
-------------- next part --------------
Index: ssh-agent.c =================================================================== RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/ssh-agent.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- ssh-agent.c 7 Jun 2009 22:38:47 -0000 1.2 +++ ssh-agent.c 17 Dec 2009 15:55:16 -0000 1.3 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-agent.c,v 1.2 2009/06/07 22:38:47 christos Exp $ */ +/* $NetBSD: ssh-agent.c,v 1.3 2009/12/17 15:55:16 agc Exp $ */ /* $OpenBSD: ssh-agent.c,v 1.159 2008/06/28 14:05:15 djm Exp $ */ /* * Author: Tatu Ylonen @@ -36,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-agent.c,v 1.2 2009/06/07 22:38:47 christos Exp $"); +__RCSID("$NetBSD: ssh-agent.c,v 1.3 2009/12/17 15:55:16 agc Exp $"); #include #include #include @@ -307,13 +307,13 @@ Buffer msg; Key *key; + odatafellows = datafellows; datafellows = 0; blob = buffer_get_string(&e->request, &blen); data = buffer_get_string(&e->request, &dlen); flags = buffer_get_int(&e->request); - odatafellows = datafellows; if (flags & SSH_AGENT_OLD_SIGNATURE) datafellows = SSH_BUG_SIGBLOB;

From vinschen at redhat.com Fri Dec 18 20:54:07 2009
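Review bot: the moved `odatafellows = datafellows;` in the @@ -307,13 hunk of the ssh-agent.c diff above deserves a one-line comment saying it must stay ahead of `datafellows = 0;`, because in the old order the saved value was always 0 and nothing in the code records that ordering requirement. The restore from odatafellows lies outside the visible context, so also confirm that every return path of process_sign_request2() performs it.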
From: vinschen at redhat.com (Corinna Vinschen)
Date: Fri, 18 Dec 2009 10:54:07 +0100
Subject: ssh-agent in Cygwin?
In-Reply-To: <20091217140918.12932.qmail@stuge.se>
References: <20091217101640.3746.qmail@stuge.se> <20091217110929.GT8059@calimero.vinschen.de> <20091217130952.2169.qmail@stuge.se> <20091217135208.GA18144@calimero.vinschen.de> <20091217140918.12932.qmail@stuge.se>
Message-ID: <20091218095407.GA1038@calimero.vinschen.de>

On Dec 17 15:09, Peter Stuge wrote:
> Corinna Vinschen wrote:
> > > > I don't quite understand the question. Cygwin's ssh-agent is
> > > > working just like on other platforms, using AF_UNIX sockets.
> > >
> > > Ok! Are those sockets somehow reachable from native win32?
> >
> > No. Why is that necessary? libssh2 should be usable within the Cygwin
> > POSIX layer without using any native Win32 functions.
>
> Yes, but I'm thinking of the case where a win32 app is using libssh2
> and there is an ssh-agent in Cygwin. If not too difficult, it would
> be nice to make that too work. (win32 app+pageant and cygwin
> app+cygwin ssh-agent should work already, this is another case.)

Well, that *might* be possible, but it's very tricky for the Win32
application. You only have the information available in the environment
if the Win32 process is running in the same process tree in which the
ssh-agent has been started.

The ssh-agent is started like this in Cygwin (as on other POSIX systems):

  $ eval `ssh-agent`
  $ env | grep SSH
  SSH_AUTH_SOCK=/tmp/ssh-WUoLQ1057/agent.1057
  SSH_AGENT_PID=1058

So you have a POSIX path to the auth socket. You have to convert it now
to a Win32 path.
The easiest way is to find and call the cygpath application,
for instance:

  $ cygpath -wa `echo $SSH_AUTH_SOCK`
  C:\cygwin\tmp\ssh-WUoLQ1057\agent.1057

Alternatively you have to find the cygwin1.dll, load it dynamically,
and call the cygwin_conv_path() function:
http://cygwin.com/1.7/cygwin-api/func-cygwin-conv-path.html

For the Cygwin API the file is a socket, but for the Win32 API it's just
a file. Windows has no concept of AF_UNIX/AF_LOCAL sockets, so they are
implemented as ordinary AF_INET sockets with pure local binding, and the
socket file contains the information for Cygwin how to connect to them.
For security purposes it's only readable by the creator of the socket,
usually.

When you got the Win32 path, just open the file using Win32 calls and
read the content. It looks similar to this:

  !53795 s F0E9D75D-2AD3C2BA-2EF88B65-6B26688A\0

- "!" is just a cookie for Cygwin to identify this file as a
  socket file.
- "53795" is the AF_INET port number.
- "s" means it's a SOCK_STREAM type socket (alternatively "d" for
  SOCK_DGRAM).

The remainder is a hex magic number which constitutes a block of 4 32 bit
values in host byte order.

Now...

- Create an AF_INET/SOCK_STREAM socket and connect it to the ssh-agent
  listening on 127.0.0.1:53795.

- Convert the magic number into a 4*32 bit block of data in host byte
  order and send it to the agent.

- Call read on the socket and wait for the reply. If your magic number
  was incorrect, the listener will disconnect. Otherwise it replies with
  the same magic number block of 4*32 byte.

- Now send a second packet with your credentials. It's just a block of
  three 32 bit values in host byte order:

    uint32_t pid;
    uint32_t uid;
    uint32_t gid;

  Then read the same block from the socket. This information is returned
  in Cygwin in calls to getpeereid.

- Still here? Congrats. You have established the AF_UNIX socket
  connection to the ssh-agent authentication socket.
If you have further questions, we should better move this discussion
over to the cygwin mailing list (cygwin AT cygwin DOT com). The Cygwin
libssh2 package maintainer might be interested in this as well.

HTH,
Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

From jan.alphenaar at dotcolour.com Thu Dec 24 09:40:56 2009
From: jan.alphenaar at dotcolour.com (Jan Alphenaar)
Date: Wed, 23 Dec 2009 23:40:56 +0100
Subject: Question on SSH_ASKPASS
Message-ID: <20091223224106.D9E8AC4E56@natsu.mindrot.org>

Hi everybody,

I have asked a question a long time ago regarding SSH_ASKPASS, but with
the latest version of OpenSSH I am not able to get the desired result.

My goal is to launch a script on a remote server via SSH without having
to type a password, because it is locally executed from a script.

This should not be too complicated, but somehow I am not able to figure
this out myself.

I have configured the variables SSH_ASKPASS= and DISPLAY=nodisplay.

My password_script just contains echo "password", nothing else.

Now if I execute this ssh command:

ssh -T jan@ "//
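
The socket-file format and two-round handshake that Corinna Vinschen describes in the "ssh-agent in Cygwin?" thread above, as an added Python example that is not part of the original messages and is not Cygwin or libssh2 code. It assumes the cookie may also appear as `!<socket >` (the archive shows only `!`); the function names, `fake_listener` and the pid/uid/gid values are constructed for the illustration.

```python
import os
import re
import socket
import struct
import threading

# Socket-file layout from the message: cookie, port, type, four hex words, NUL.
# The optional "<socket >" after "!" is an assumption (see the lead-in).
SOCKFILE_RE = re.compile(
    rb"!(?:<socket >)?(\d{1,5}) ([sd]) "
    rb"([0-9A-Fa-f]{8})-([0-9A-Fa-f]{8})-([0-9A-Fa-f]{8})-([0-9A-Fa-f]{8})\x00*"
)


def parse_socket_file(raw):
    """Return (port, socket type, 16-byte secret in host byte order)."""
    m = SOCKFILE_RE.fullmatch(raw)
    if m is None:
        raise ValueError("not a Cygwin socket file")
    port = int(m.group(1))
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    kind = socket.SOCK_STREAM if m.group(2) == b"s" else socket.SOCK_DGRAM
    words = [int(w, 16) for w in m.groups()[2:]]
    return port, kind, struct.pack("=4I", *words)


def recv_exact(sock, n):
    """Read exactly n bytes; a short read means the peer hung up."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-handshake")
        buf += chunk
    return buf


def connect_cygwin_socket(raw, pid, uid, gid, timeout=5.0):
    """Run both rounds; return (connected socket, peer's (pid, uid, gid))."""
    port, kind, secret = parse_socket_file(raw)
    if kind != socket.SOCK_STREAM:
        raise ValueError("only SOCK_STREAM socket files are handled here")
    sock = socket.create_connection(("127.0.0.1", port), timeout=timeout)
    try:
        sock.sendall(secret)  # round 1: show that we could read the socket file
        if recv_exact(sock, 16) != secret:
            raise ConnectionError("listener echoed a different secret")
        sock.sendall(struct.pack("=3I", pid, uid, gid))  # round 2: credentials
        peer = struct.unpack("=3I", recv_exact(sock, 12))
    except Exception:
        sock.close()
        raise
    return sock, peer


def fake_listener(secret, creds):
    """Constructed stand-in for the Cygwin side so the example runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with srv, conn:
            try:
                if recv_exact(conn, 16) != secret:
                    return  # wrong secret: disconnect, as the message describes
                conn.sendall(secret)
                recv_exact(conn, 12)
                conn.sendall(struct.pack("=3I", *creds))
            except ConnectionError:
                pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    text = b"F0E9D75D-2AD3C2BA-2EF88B65-6B26688A"  # value quoted in the message
    secret = parse_socket_file(b"!1 s " + text + b"\x00")[2]
    port = fake_listener(secret, (1058, 1000, 513))  # constructed pid/uid/gid
    raw = b"!%d s %s\x00" % (port, text)
    sock, peer = connect_cygwin_socket(raw, os.getpid(), 1000, 513)
    sock.close()
    return peer


if __name__ == "__main__":
    print(demo())
```

The only secret in the exchange is the 16-byte block stored in the socket file, so the file's read permission is what limits who can complete round 1.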