Hi, A few more notes. Bryan Turner wrote: > bturner@ubuntu:~$ ssh -V > OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014 > > bturner@ubuntu:~$ ssh -G -p 7999 localhost > unknown option -- G > usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [...] > Is it possible to adjust the check, somehow, so it doesn't impact > older OpenSSH versions like this? As it stands, it seems likely a fair > number of users who have an SSH command that does support -4, -6 and > -p are going to end up getting "penalized" because it doesn't also > support -G, and have to manually set their SSH variant to "ssh" (or > something other than "auto") to avoid the automatic detection. > > I'd love to say I have a brilliant idea for how to work around this, > oh and here's a patch, but I don't. One option might be trying to > actually review the output, and another might be to run "ssh -V", but > both of those have their own flaws (and the extra process forks aren't > "free"). I have tomorrow off, so I've filed https://crbug.com/git/7 to make sure I remember to follow up the day after. Of course I'll be happy if someone updates that bug saying they've fixed it in the meantime. One possibility would be to use -V as a fallback when -G fails, or even as a replacement for this usage of -G. To avoid misdetecting PuTTY and other ssh variants that also implement -V as OpenSSH, we would have to parse the output. This would also misdetect a script that does host=$1; shift ssh "$host" -- "$@" as supporting OpenSSH options, when the use of -- ensures it doesn't. Another possibility is to parse the output when -G fails. That's hacky, but I think it would work well! We would not have to be too clever, since we can look for the exact output produced by the versions of OpenSSH that we care about. This still has issues with scripts that forward arguments to OpenSSH, but at least those issues would go away once the user updates their copy of ssh. ;-) Another possibility is to pass options *before* -V: ssh -p 7999 -V Since OpenSSH parses its arguments left-to-right, this gives similar information to what we did with -G, and scripts like host=$1; shift ssh "$host" -- "$@" would even be correctly detected as not supporting OpenSSH options. We still would need to parse the output to distinguish OpenSSH from other ssh implementations like putty (unlike OpenSSH, putty saves up argument errors in an 'error' variable and forgets about them once it sees -V). Trying -G and falling back to -V seems like the simplest detection mechanism to me at the moment. I'm hoping I'm missing something simple (another ssh option?) that allows avoiding this mess. Regardless, I think we should do something like [1] first to get rid of the regression. Thanks again for reporting it. Sincerely, Jonathan [1] https://public-inbox.org/git/20180103050730.GA87855@xxxxxxxxxxxxxxxxxxxxxxxxx/