ProxyJump may construct erroneous ProxyCommand

Damien Miller djm at mindrot.org
Mon Jan 15 09:14:48 AEDT 2024


On Sat, 13 Jan 2024, Rob Leslie wrote:

> Hello,
> 
> On macOS, Terminal’s “New Remote Connection…” command runs ssh in a new window like this:
> 
> 	login -pfq $USER /usr/bin/ssh $HOST
> 
> Here, login executes /usr/bin/ssh with argv[0] set to “-ssh”.
> 
> If $HOST has a ProxyJump configuration, the resulting ProxyCommand is:
> 
> 	-ssh -W '[%h]:%p' $JUMP_HOST
> 
> Because of the leading hyphen, this fails to execute. If the user’s shell is zsh, the Terminal window shows:
> 
> 	zsh:1: unknown exec flag -s
> 
> Would it make sense to ignore any leading hyphen when constructing the ProxyCommand from ProxyJump?
> 
> % ssh -V       
> OpenSSH_9.4p1, LibreSSL 3.3.6

This sounds more like a problem in OSX Terminal.app than ssh. We could do
something like this:


diff --git a/ssh.c b/ssh.c
index 48d93ddf2..7cd498f84 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1313,7 +1313,7 @@ main(int ac, char **av)
 		 * Try to use SSH indicated by argv[0], but fall back to
 		 * "ssh" if it appears unavailable.
 		 */
-		if (strchr(argv0, '/') != NULL && access(argv0, X_OK) != 0)
+		if (access(argv0, X_OK) != 0)
 			sshbin = "ssh";
 
 		/* Consistency check */


More information about the openssh-unix-dev mailing list