On Fri, 10 Jun 2022, Damien Miller wrote:
> Another possibility would be to have some %-expansion that expands to
> a random value that is long enough to be safely used as a temporary
> path.
>
> E.g. %R expanding to 24 base64 characters. You could use this to
> obtain effectively unique paths.

This would be a great solution.

To complete this option, how might the server determine the unique path?
I'm leaning towards SetEnv and updating it to understand %-expansions.
(If it doesn't already.)

    Host example
        RemoteForward /tmp/%R.sock /home/local/.gnupg/S.gpg-agent.extra
        SetEnv SSH_R_EXPANSION=%R

At the moment all %-expansions happen client-side, which is a nice and
simple design. The server could perform the %R expansion server-side if
that's the right approach, but it'd introduce a lot of new logic to the
server.

One other alternative to SetEnv would be to send the client-computed %R
as a SSH_CHANNEL_LARVAL state command, which is also involved.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
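
The following is an added example, not part of the original message and not OpenSSH code: a client-side wrapper that emulates the proposed %R with existing options by generating the token itself and passing it through -R and SetEnv. The function names gen_token and forward_socket and the SSH_BIN override are assumptions of this sketch, and the server is assumed to list SSH_R_EXPANSION under AcceptEnv.

```shell
#!/bin/sh
# Added example: emulate the proposed %R expansion on the client side.
# SSH_R_EXPANSION is the variable name used in the message above; the
# function names and the SSH_BIN override are assumptions of this sketch.

# 18 random bytes encode to exactly 24 base64 characters with no padding.
# Standard base64 can emit '+' and '/', and '/' would split the socket
# path, so both are mapped to the URL-safe '-' and '_'.
gen_token() {
    head -c 18 /dev/urandom | base64 | tr '+/' '-_'
}

# forward_socket HOST LOCAL_SOCKET
# Forwards /tmp/<token>.sock on the server to LOCAL_SOCKET on the client
# and sends the token in SSH_R_EXPANSION so the remote session can locate
# the socket. sshd only passes the variable on if sshd_config contains
# "AcceptEnv SSH_R_EXPANSION" (assumed here).
forward_socket() {
    host=$1
    local_socket=$2
    token=$(gen_token) || return 1

    # Refuse anything that is not exactly 24 path-safe characters, e.g.
    # a short read or a base64 tool that produced unexpected output.
    case $token in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#token}" -eq 24 ] || return 1

    # SSH_BIN lets the command be replaced for a dry run.
    "${SSH_BIN:-ssh}" \
        -o "SetEnv SSH_R_EXPANSION=$token" \
        -R "/tmp/$token.sock:$local_socket" \
        "$host"
}
```

On the remote side the forwarded socket is then /tmp/$SSH_R_EXPANSION.sock.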