[Bug 2824] Add a configuration option / hook that will enable running a shell command / script right before connecting

bugzilla-daemon at bugzilla.mindrot.org
Sat Jan 27 09:30:24 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2824

Daniel Kahn Gillmor <dkg at fifthhorseman.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dkg at fifthhorseman.net

--- Comment #1 from Daniel Kahn Gillmor <dkg at fifthhorseman.net> ---
This has been worked around in the past by use of ProxyCommand.  If
your ProxyCommand does something and then subsequently exec's nc or
socat to make the actual connection, you can get this behavior without
changing OpenSSH at all.

This does make things slightly less efficient, but that's not the end
of the world.

As for using gpg-agent as ssh-agent, please note that the gpg-agent has
a different conception of key "unlock" and retention duration, and of
agent-lifetime than does the standard ssh-agent.  These subtle
differences end up meaning that your workflow doesn't quite match up.

You describe using ssh-agent in tmux, but one approach you can use
there is to ensure that gpg-agent only runs in one tmux pane, and that
you just need to switch to that pane to interact with the agent -- it
*won't* follow you from pane to pane, and you can be sure that you're
interacting with the agent -- the remote host can't pretend to be the
agent in the current pane and ask you to deliver it your passphrase
(which would be a bad thing).


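The ProxyCommand workaround described in Comment #1, sketched as an added example that is not part of the original comment or of OpenSSH: a wrapper that runs a hook and then execs nc. The script name, the PRE_CONNECT_HOOK variable and the host alias in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical file name: pre-connect-proxy.sh).
# ssh_config usage for the hosts that need the hook:
#   Host example-host
#       ProxyCommand /path/to/pre-connect-proxy.sh %h %p
#
# PRE_CONNECT_HOOK is an assumed environment variable naming the program
# to run before connecting; it is not an OpenSSH option.

# Run the hook with host and port as arguments. ssh uses the
# ProxyCommand's stdin/stdout as the transport, so anything the hook
# prints on stdout would corrupt the SSH stream: send it to stderr and
# keep the hook away from the transport's stdin.
pre_connect_hook() {
    "${PRE_CONNECT_HOOK:-true}" "$1" "$2" </dev/null >&2
}

# Accept only a decimal port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Run the hook, then replace this shell with nc so that no extra
# process sits between ssh and the socket. A failing hook aborts the
# connection attempt instead of connecting anyway.
proxy_connect() {
    valid_port "$2" || { echo "bad port: $2" >&2; return 2; }
    pre_connect_hook "$1" "$2" || { echo "pre-connect hook failed" >&2; return 1; }
    exec nc "$1" "$2"
}

# Only act when invoked by ssh with %h and %p.
if [ "$#" -eq 2 ]; then
    proxy_connect "$1" "$2"
fi
```

Hook output is still visible to the user, because ssh leaves the ProxyCommand's stderr attached to the terminal.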

More information about the openssh-bugs mailing list