Private key (-i key_file) percent_expand problem when path contains percent sign (%)

Ángel González keisial at gmail.com
Mon Apr 20 04:56:42 AEST 2015


On 17/04/15 19:58, Mikael Nordfeldth wrote:
> So it boils down to the -i parsing with a percent sign (which doesn't
> expand) it seems. Anyone else experiencing this or can reproduce it?
Yes, openssh doesn't like a % in the -i parameter:
- If you provide a %, inside load_public_identity_files it attempts to treat it
as an expand sequence, and thus fails.

- If you provide a %% (which expands to a single %), then the stat(2) done
before add_identity_file() makes it fail, and such a path doesn't even
reach load_public_identity_files.

As a workaround, you can provide the key file with the -o option:
  ssh -o IdentityFile=/srv/www/example.com/%%/.ssh/id_rsa user@example.com


The following patch makes ssh ignore the stat failure if the -i argument
contains a % character:

diff --git a/ssh.c b/ssh.c
index 0ad82f0..e0c574f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -705,7 +705,7 @@ main(int ac, char **av)
                         options.gss_deleg_creds = 1;
                         break;
                 case 'i':
-                       if (stat(optarg, &st) < 0) {
+                       if (stat(optarg, &st) < 0 && strchr(optarg, '%') 
== NULL) {
                                 fprintf(stderr, "Warning: Identity file 
%s "
                                     "not accessible: %s.\n", optarg,
                                     strerror(errno));
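Review bot: the new condition in `case 'i':` skips the "not accessible" warning for every argument that contains '%', so a mistyped or genuinely missing path is no longer reported at this point whenever it happens to include a percent sign. It also leaves the single-'%' case from the message unchanged, because that path passes stat and still reaches the expansion step. Consider running the check on the expanded path instead of keying on `strchr(optarg, '%') == NULL`, or at least documenting that a literal '%' given to -i must be written as '%%'. The added line and the fprintf string are also wrapped by the mailer (`== NULL) {` and `%s "` sit on their own lines), so the patch will not apply as posted.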



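The two failure modes, the -o workaround and the effect of the strchr test described in the message above, modelled as an added example that is not part of the original post and is not OpenSSH's code. The names expand_model, exists, DISK_FILE, try_identity and the enum values are hypothetical, the "disk" is a single constructed path standing in for stat(2), and only the %% and %u escapes are modelled.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample: the only key file on the modelled disk (stands in for stat(2)). */
static const char *const DISK_FILE = "/srv/www/example.com/%/.ssh/id_rsa";
static int exists(const char *p) { return strcmp(p, DISK_FILE) == 0; }

/* Simplified expansion model (hypothetical, not OpenSSH's percent_expand):
 * "%%" -> "%", "%u" -> user, any other escape fails with -1. */
static int expand_model(const char *in, const char *user, char *out, size_t len)
{
    size_t o = 0, n;
    for (; *in != '\0'; in++) {
        char lit[2] = { *in, '\0' };
        const char *rep = lit;          /* ordinary character: copy as is */
        if (*in == '%') {
            in++;
            if (*in != '%' && *in != 'u')
                return -1;              /* unknown or truncated escape */
            rep = (*in == 'u') ? user : "%";
        }
        n = strlen(rep);
        if (o + n >= len) return -1;    /* out[] too small */
        memcpy(out + o, rep, n);
        o += n;
    }
    out[o] = '\0';
    return 0;
}

enum check { CHECK_NONE, CHECK_LITERAL, CHECK_PATCHED };  /* -o, -i, -i + strchr test */
enum result { LOADED, REJECTED_BY_CHECK, EXPAND_FAILED, MISSING };

/* Existence check on the raw argument first, expansion afterwards. */
enum result try_identity(const char *arg, enum check mode)
{
    char path[256];
    if (mode != CHECK_NONE && !exists(arg) &&
        !(mode == CHECK_PATCHED && strchr(arg, '%') != NULL))
        return REJECTED_BY_CHECK;       /* never reaches expansion */
    if (expand_model(arg, "user", path, sizeof(path)) != 0)
        return EXPAND_FAILED;
    return exists(path) ? LOADED : MISSING;
}

int main(void)
{
    const char *a = "/srv/www/example.com/%%/.ssh/id_rsa";  /* escaped form */
    printf("-i:%d -o:%d patched -i:%d\n", try_identity(a, CHECK_LITERAL),
        try_identity(a, CHECK_NONE), try_identity(a, CHECK_PATCHED));
    return 0;
}
```

In this model the escaped form loads only when the raw-argument check is absent or relaxed, while the unescaped single-% form fails in expansion under every mode.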