Private key (-i key_file) percent_expand problem when path contains percent sign (%)
Ángel González
keisial at gmail.com
Mon Apr 20 04:56:42 AEST 2015
On 17/04/15 19:58, Mikael Nordfeldth wrote:
> So it boils down to the -i parsing with a percent sign (which doesn't
> expand) it seems. Anyone else experiencing this or can reproduce it?
Yes, openssh doesn't like a % in the -i parameter:
- If you provide a %, inside load_public_identity_files it attempts to
treat it
as an expand sequence, and thus fails.
- If you provide a %% (which expands to a single %), then the stat(2) done
before add_identity_file() makes it to fail, and such path doesn't even
reach load_public_identity_files.
As a workaround, you can provide the key file with the -o option:
ssh -o IdentityFile=/srv/www/example.com/%%/.ssh/id_rsa user at example.com
The following patch makes ssh to ignore the stat failure if the -i argument
contains a % character:
diff --git a/ssh.c b/ssh.c
index 0ad82f0..e0c574f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -705,7 +705,7 @@ main(int ac, char **av)
options.gss_deleg_creds = 1;
break;
case 'i':
- if (stat(optarg, &st) < 0) {
+ if (stat(optarg, &st) < 0 && strchr(optarg, '%')
== NULL) {
fprintf(stderr, "Warning: Identity file
%s "
"not accessible: %s.\n", optarg,
strerror(errno));
More information about the openssh-unix-dev
mailing list