Debian Bug report logs -
#471437
ssh(1): document how to disable connection sharing
Reported by: martin f krafft <madduck@debian.org>
Date: Tue, 18 Mar 2008 08:27:15 UTC
Severity: wishlist
Tags: patch
Found in version openssh/1:4.7p1-4
Fixed in version openssh/1:4.7p1-5
Done: Colin Watson <cjwatson@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#471437; Package openssh-client.
(full text, mbox, link).
Message #3 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: openssh-client
Version: 1:4.7p1-4
Severity: wishlist
I have a master connection to most of the machines with which
I deal. Every now and then, I need X forwarding or SSH Agent
forwarding, but there is no way to connect to the machine (other
than through IP or a host alias not in .ssh/config) without going
via the control socket. -o ControlMaster=no doesn't work, and
neither does -S /dev/null.
It would be nice if the -M option could be extended to invert its
meaning when ControlMaster is turned on already:
- -M -MM
ControlMaster off direct master master
ControlMaster on master direct direct
ControlMaster auto master* direct masterask*/direct
as far as I can tell, this would be compatible with the current
behaviour (provided ControlMaster is off), but it would also allow
single connections to go directly, even if ControlMaster is on.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-client depends on:
ii adduser 3.106 add and remove users and groups
ii debconf [debconf-2.0] 1.5.20 Debian configuration management sy
ii dpkg 1.14.16.6 package maintenance system for Deb
ii libc6 2.7-9 GNU C Library: Shared libraries
ii libcomerr2 1.40.8-2 common error description library
ii libedit2 2.9.cvs.20050518-4 BSD editline and history libraries
ii libkrb53 1.6.dfsg.3~beta1-3 MIT Kerberos runtime libraries
ii libncurses5 5.6+20080203-1 Shared libraries for terminal hand
ii libssl0.9.8 0.9.8g-7 SSL shared libraries
ii passwd 1:4.1.0-2 change and administer password and
ii zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime
openssh-client recommends no packages.
-- no debconf information
--
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems
[digital_signature_gpg.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#471437; Package openssh-client.
(full text, mbox, link).
Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(full text, mbox, link).
Message #8 received at 471437@bugs.debian.org (full text, mbox, reply):
On Tue, Mar 18, 2008 at 09:25:56AM +0100, martin f krafft wrote:
> I have a master connection to most of the machines with which
> I deal. Every now and then, I need X forwarding or SSH Agent
> forwarding, but there is no way to connect to the machine (other
> than through IP or a host alias not in .ssh/config) without going
> via the control socket. -o ControlMaster=no doesn't work, and
> neither does -S /dev/null.
-o ControlPath=none (or indeed -S none), documented in ssh_config(5):
ControlPath
Specify the path to the control socket used for connection
sharing as described in the ControlMaster section above or
the string "none" to disable connection sharing.
--
Colin Watson [cjwatson@debian.org]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#471437; Package openssh-client.
(full text, mbox, link).
Message #11 received at 471437@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
retitle 471437 ssh(1): document how to disable connection sharing
tags 471437 patch
thanks
Thanks, Colin. Maybe this patch could keep other people from
overlooking this bit?
diff -u openssh-4.7p1/ssh.1 openssh-4.7p1/ssh.1
--- openssh-4.7p1/ssh.1
+++ openssh-4.7p1/ssh.1
@@ -559,7 +559,9 @@
option is enabled (see
.Xr sshd_config 5 ) .
.It Fl S Ar ctl_path
-Specifies the location of a control socket for connection sharing.
+Specifies the location of a control socket for connection sharing,
+or disables connection sharing if the argument is
+.Ar none .
Refer to the description of
.Cm ControlPath
and
--
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, author, administrator, and user
`. `'` http://people.debian.org/~madduck - http://debiansystem.info
`- Debian - when you have better things to do than fixing systems
"literature always anticipates life.
it does not copy it, but moulds it to its purpose.
the nineteenth century, as we know it,
is largely an invention of balzac."
-- oscar wilde
[digital_signature_gpg.asc (application/pgp-signature, inline)]
Changed Bug title to `ssh(1): document how to disable connection sharing' from `option to prevent going via master control socket'.
Request was from martin f krafft <madduck@debian.org>
to control@bugs.debian.org.
(Tue, 18 Mar 2008 09:42:04 GMT) (full text, mbox, link).
Tags added: patch
Request was from martin f krafft <madduck@debian.org>
to control@bugs.debian.org.
(Tue, 18 Mar 2008 09:42:04 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#471437; Package openssh-client.
(full text, mbox, link).
Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(full text, mbox, link).
Message #20 received at 471437@bugs.debian.org (full text, mbox, reply):
tags 471437 pending
thanks
On Tue, Mar 18, 2008 at 10:38:08AM +0100, martin f krafft wrote:
> Thanks, Colin. Maybe this patch could keep other people from
> overlooking this bit?
>
> diff -u openssh-4.7p1/ssh.1 openssh-4.7p1/ssh.1
> --- openssh-4.7p1/ssh.1
> +++ openssh-4.7p1/ssh.1
> @@ -559,7 +559,9 @@
> option is enabled (see
> .Xr sshd_config 5 ) .
> .It Fl S Ar ctl_path
> -Specifies the location of a control socket for connection sharing.
> +Specifies the location of a control socket for connection sharing,
> +or disables connection sharing if the argument is
> +.Ar none .
> Refer to the description of
> .Cm ControlPath
> and
Thanks; I applied something quite similar to this, although with text
closer to that in ssh_config(5).
--- ssh.1 24 Dec 2007 10:53:35 -0000 1.18
+++ ssh.1 18 Mar 2008 10:11:58 -0000
@@ -559,7 +559,10 @@ will only succeed if the server's
option is enabled (see
.Xr sshd_config 5 ) .
.It Fl S Ar ctl_path
-Specifies the location of a control socket for connection sharing.
+Specifies the location of a control socket for connection sharing,
+or the string
+.Dq none
+to disable connection sharing.
Refer to the description of
.Cm ControlPath
and
Cheers,
--
Colin Watson [cjwatson@debian.org]
Tags added: pending
Request was from Colin Watson <cjwatson@debian.org>
to control@bugs.debian.org.
(Tue, 18 Mar 2008 10:30:12 GMT) (full text, mbox, link).
Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to martin f krafft <madduck@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #27 received at 471437-close@bugs.debian.org (full text, mbox, reply):
Source: openssh
Source-Version: 1:4.7p1-5
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-client-udeb_4.7p1-5_i386.udeb
to pool/main/o/openssh/openssh-client-udeb_4.7p1-5_i386.udeb
openssh-client_4.7p1-5_i386.deb
to pool/main/o/openssh/openssh-client_4.7p1-5_i386.deb
openssh-server-udeb_4.7p1-5_i386.udeb
to pool/main/o/openssh/openssh-server-udeb_4.7p1-5_i386.udeb
openssh-server_4.7p1-5_i386.deb
to pool/main/o/openssh/openssh-server_4.7p1-5_i386.deb
openssh_4.7p1-5.diff.gz
to pool/main/o/openssh/openssh_4.7p1-5.diff.gz
openssh_4.7p1-5.dsc
to pool/main/o/openssh/openssh_4.7p1-5.dsc
ssh-askpass-gnome_4.7p1-5_i386.deb
to pool/main/o/openssh/ssh-askpass-gnome_4.7p1-5_i386.deb
ssh-krb5_4.7p1-5_all.deb
to pool/main/o/openssh/ssh-krb5_4.7p1-5_all.deb
ssh_4.7p1-5_all.deb
to pool/main/o/openssh/ssh_4.7p1-5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 471437@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 22 Mar 2008 12:37:00 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source all i386
Version: 1:4.7p1-5
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell client, an rlogin/rsh/rcp replacement
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell server, an rshd replacement
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 463011 468563 471437
Changes:
openssh (1:4.7p1-5) unstable; urgency=low
.
* Recommends: xauth rather than Suggests: xbase-clients.
* Document in ssh(1) that '-S none' disables connection sharing
(closes: #471437).
* Patch from Red Hat / Fedora:
- SECURITY: Don't use X11 forwarding port which can't be bound on all
address families, preventing hijacking of X11 forwarding by
unprivileged users when both IPv4 and IPv6 are configured (closes:
#463011).
* Use printf rather than echo -en (a bashism) in openssh-server.config and
openssh-server.preinst.
* debconf template translations:
- Update Finnish (thanks, Esko Arajärvi; closes: #468563).
Files:
ab0704790dd6cd1ed05c53acaa14618b 1104 net standard openssh_4.7p1-5.dsc
de3876a70bacdad310f18fb41d50c900 187533 net standard openssh_4.7p1-5.diff.gz
e882d86eee0e147f5e5c3692ea2c5aca 1040 net extra ssh_4.7p1-5_all.deb
3cb62a15cd49e27929ac1371cebb9846 87866 net extra ssh-krb5_4.7p1-5_all.deb
872c383e134dd329d23ab5323547736c 662368 net standard openssh-client_4.7p1-5_i386.deb
f6ac89a0c92822ecd334a351c6de7ab8 245170 net optional openssh-server_4.7p1-5_i386.deb
932310d414eaee6417206c08a351baed 95366 gnome optional ssh-askpass-gnome_4.7p1-5_i386.deb
96618c089325bc509e85d079f7b8dd77 158528 debian-installer optional openssh-client-udeb_4.7p1-5_i386.udeb
3aec92fd3244e7664eafd71d9f13d14c 169116 debian-installer optional openssh-server-udeb_4.7p1-5_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iD8DBQFH5QB79t0zAhD6TNERAsfeAJ90FkbUrNM7wALBx8Hwi7KQ9R2dtwCghuTQ
al33pNJ1Vj4L3i5zBwgEDt8=
=WXOA
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 26 Apr 2008 07:31:18 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Mar 25 18:32:03 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.