Re: Private key (-i key_file) percent_expand problem when path contains percent sign (%)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 17/04/15 19:58, Mikael Nordfeldth wrote:
So it boils down to the -i parsing with a percent sign (which doesn't
expand) it seems. Anyone else experiencing this or can reproduce it?
Yes, openssh doesn't like a % in the -i parameter:
- If you provide a %, inside load_public_identity_files it attempts to treat it
as an expand sequence, and thus fails.

- If you provide a %% (which expands to a single %), then the stat(2) done
before add_identity_file() makes it to fail, and such path doesn't even
reach load_public_identity_files.

As a workaround, you can provide the key file with the -o option:
 ssh -o IdentityFile=/srv/www/example.com/%%/.ssh/id_rsa user@xxxxxxxxxxx


The following patch makes ssh to ignore the stat failure if the -i argument
contains a % character:

diff --git a/ssh.c b/ssh.c
index 0ad82f0..e0c574f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -705,7 +705,7 @@ main(int ac, char **av)
                        options.gss_deleg_creds = 1;
                        break;
                case 'i':
-                       if (stat(optarg, &st) < 0) {
+ if (stat(optarg, &st) < 0 && strchr(optarg, '%') == NULL) { fprintf(stderr, "Warning: Identity file %s "
                                    "not accessible: %s.\n", optarg,
                                    strerror(errno));

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux