[RFC] Add hash token to ControlPath

[mancha]

Iain Morgan <imorgan <at> nas.nasa.gov> writes:
> 
> On Thu, Mar 06, 2014 at 18:37:21 +0000, mancha wrote:
> > Hi.
> > 
> > Last night on an irc openssh channel, a user brought up a use
> > case involving cluster trees and very descriptive (i.e. long)
> > hierarchical hostnames.
> > 
> > To make a long story short, his ControlPath (~/.ssh/control-master
> > /%r <at> %h:%p) was bumping up against UNIX_PATH_MAX.
> > 
> > Attached patch adds a new percent-token (%H) that expands to the
> > sha1 digest of the concatenation of host (%h) + port (%p) + remote
> > user (%r). The token's expanded length is a fixed 40 characters
> > and, barring digest collision, provides uniqueness.
> > 
> > The patch was built against 6.5p1 but applies (with harmless
> > offsets) to OpenBSD HEAD.
> > 
> > --mancha
> 
> I suppose the IP address of the destination host is not known at the
> time that the socket is created or initially accessed; but if it is,
> adding a macro for the IP address might be an alternative approach.
> 
> With regard to your suggestion, it might also be worthwhile including
> the client hostname in the hash to cover scenarios where the sockets are
> created in shared filesystems. I'm also a little hesitant about using
> %H; in analogy to %l and %L, %H should be the first component of the
> destinations's name. Perhaps %M or %S?
> 
> I'm not sure if the work being done to allow OpenSSH to be built without
> OpenSSL includes SHA-1 support. I assume that it does, but I haven't
> gottent around to looking at the code. If it doesn't, it might be
> necessary to use MD5 instead.
> 

Iain, many thanks for your good comments. I've made the following
changes:

1. Digest is based on lhost(%l) + rhost(%h) + rport(%p) + ruser(%r)
2. Macro is %D
3. ssh_digest_* wrappers are used to future proof

If SHA1 is no longer supported in the future, MD5 can be used by
changing two lines.

Patch:
http://sf.net/projects/mancha/files/misc/openssh-6.5p1-mux-hash.diff

--mancha