Iain Morgan <imorgan <at> nas.nasa.gov> writes:
>
> On Thu, Mar 06, 2014 at 18:37:21 +0000, mancha wrote:
> > Hi.
> >
> > Last night on an irc openssh channel, a user brought up a use
> > case involving cluster trees and very descriptive (i.e. long)
> > hierarchical hostnames.
> >
> > To make a long story short, his ControlPath
> > (~/.ssh/control-master/%r@%h:%p) was bumping up against
> > UNIX_PATH_MAX.
> >
> > Attached patch adds a new percent-token (%H) that expands to the
> > sha1 digest of the concatenation of host (%h) + port (%p) + remote
> > user (%r). The token's expanded length is a fixed 40 characters
> > and, barring digest collision, provides uniqueness.
> >
> > The patch was built against 6.5p1 but applies (with harmless
> > offsets) to OpenBSD HEAD.
> >
> > --mancha
>
> I suppose the IP address of the destination host is not known at the
> time that the socket is created or initially accessed; but if it is,
> adding a macro for the IP address might be an alternative approach.
>
> With regard to your suggestion, it might also be worthwhile including
> the client hostname in the hash to cover scenarios where the sockets are
> created in shared filesystems. I'm also a little hesitant about using
> %H; in analogy to %l and %L, %H should be the first component of the
> destination's name. Perhaps %M or %S?
>
> I'm not sure if the work being done to allow OpenSSH to be built without
> OpenSSL includes SHA-1 support. I assume that it does, but I haven't
> gotten around to looking at the code. If it doesn't, it might be
> necessary to use MD5 instead.
>

Iain, many thanks for your good comments. I've made the following
changes:

1. Digest is based on lhost(%l) + rhost(%h) + rport(%p) + ruser(%r)
2. Macro is %D
3. ssh_digest_* wrappers are used to future proof

If SHA1 is no longer supported in the future, MD5 can be used by
changing two lines.

Patch: http://sf.net/projects/mancha/files/misc/openssh-6.5p1-mux-hash.diff

--mancha
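
The length problem and the %D digest described in this thread, worked through as an added example (not code from the patch or from OpenSSH). Assumptions: the four fields are concatenated as plain strings with no separator and the port in decimal, the 108-byte limit is the Linux size of `sun_path`, and the host, user and home names are constructed samples.

```python
import hashlib
import re

# sizeof(sun_path) on Linux is 108 bytes including the trailing NUL
# (104 on the BSDs); this is the limit the post calls UNIX_PATH_MAX.
SUN_PATH_MAX = 108

def digest_token(lhost, rhost, rport, ruser):
    """SHA-1 hex digest (40 chars) over lhost + rhost + rport + ruser.

    Assumption: plain string concatenation, no separators, decimal port.
    """
    data = f"{lhost}{rhost}{rport}{ruser}".encode()
    return hashlib.sha1(data).hexdigest()

def expand(template, lhost, rhost, rport, ruser, home):
    """Expand %l %h %p %r %D %% and a leading ~/ in a ControlPath."""
    values = {"l": lhost, "h": rhost, "p": str(rport), "r": ruser,
              "D": digest_token(lhost, rhost, rport, ruser), "%": "%"}

    def repl(match):
        token = match.group(1)
        if token not in values:
            raise ValueError(f"unknown token %{token}")
        return values[token]

    path = re.sub(r"%(.)", repl, template)
    return home + path[1:] if path.startswith("~/") else path

def fits(path):
    """True if path plus its NUL terminator fits in sun_path."""
    return len(path.encode()) < SUN_PATH_MAX

# Constructed sample: a long hierarchical cluster hostname.
SAMPLE = dict(
    lhost="login01.hpc.example.org",
    rhost="node017.rack42.row07.hall-b.compute.cluster-prod.dc-east.hpc.example.org",
    rport=22, ruser="alice", home="/home/alice")

if __name__ == "__main__":
    for tmpl in ("~/.ssh/control-master/%r@%h:%p", "~/.ssh/control-master/%D"):
        path = expand(tmpl, **SAMPLE)
        print(f"{tmpl}: {len(path)} bytes, fits={fits(path)}")
```

Including the local host name in the digest keeps sockets from different clients distinct when the control directory lives on a shared filesystem, which is the case raised in the quoted reply.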