Bug 2827

Summary: Specifying ssh config file via -F does not apply to ProxyJump / ProxyCommand
Product: Portable OpenSSH
Reporter: willchan
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED INVALID
Severity: minor
CC: dtucker, willchan
Priority: P5
Version: -current
Hardware: All
OS: All

Description willchan 2018-01-30 09:17:19 AEDT
I have a config file that has a Host section for the destination host, that uses a ProxyCommand to connect via a jump host. Connection configuration for the jump host is also specified in its own Host section in the config file. The problem is that, unless the config file is in a default location (system /etc ssh config, or /etc/passwd specified home directory), I'd have to specify -F in the ProxyCommand itself. This means the config file isn't safe to be located in any arbitrary location, without rewriting its content. If I specify -F on the command line, it'd be great for it to be propagated to ProxyJumps. That said, I suspect that may not be the best way to configure this. It would just solve my problem :)

More concretely, I am deploying multiple ssh configurations and identities to a cloud server, so it can access a bunch of our other hosts. I don't want to have to overwrite /etc or ~user/.ssh/config. I looked into setting $HOME, but it appears that that is not supported. ssh appears to use the directory specified in /etc/passwd, as returned by getpwuid().

Comment 1 Darren Tucker 2018-01-30 10:19:09 AEDT
What version are you using?  AFAICT ProxyJump has always passed -F through:

https://github.com/openssh/openssh-portable/commit/ed877ef653847d056bb433975d731b7a1132a979#diff-5bfa45f3fb322e569a8101399c9c551cR1113

$ ssh -F /dev/null -vvv -J localhost localhost true 2>&1 | grep ProxyJump
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -F /dev/null -vvv -W '[%h]:%p' localhost

Comment 2 willchan 2018-01-30 11:29:58 AEDT
Oops, now I feel stupid :P Indeed you're correct, sorry for wasting your time.

My environment is using OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016. I had tried to use this a while back and couldn't. It's possible that the OpenSSH version in the environment is different now than before. In particular, I remember that at the time I tested this before, ProxyJump didn't exist, so I was using ProxyCommand. I'll go figure out if this OpenSSH version includes ProxyJump support, and if not, I'll look into whether or not I can update it.

Thanks!

Comment 3 Damien Miller 2018-04-06 12:26:46 AEST
Close all resolved bugs after release of OpenSSH 7.7.
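
A check for the situation discussed in this report, added here as an example and not part of the bug thread or of OpenSSH: it lists ProxyCommand lines that start a nested ssh without -F, which are the lines that have to be rewritten (or replaced with ProxyJump, which passes -F through per Comment 1) before a config file can live outside the default locations. The function names, host names and paths are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag ProxyCommand lines whose nested ssh has no -F.
# The nested ssh is a separate process, so without -F it reads only the
# default config locations and never sees the relocated file's Host blocks.

# check_proxy_config FILE: prints FILE:LINE: text per finding, returns 1 if any.
check_proxy_config() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # ssh_config keywords are case-insensitive; "=" may separate the value
        if (tolower(line) !~ /^proxycommand[ \t=]/) next
        sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", line)
        n = split(line, tok, /[ \t]+/)
        has_ssh = 0; has_F = 0
        for (i = 1; i <= n; i++) {
            if (tok[i] == "ssh" || tok[i] ~ /\/ssh$/) has_ssh = 1
            else if (has_ssh && tok[i] ~ /^-F/) has_F = 1
        }
        if (has_ssh && !has_F) { printf "%s:%d: %s\n", FILENAME, NR, $0; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample config; host names and paths are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
Host jump
    HostName jump.example.com
    IdentityFile /srv/deploy/ssh/id_jump

Host dest-a
    ProxyCommand ssh -W %h:%p jump

Host dest-b
    ProxyCommand ssh -F /srv/deploy/ssh/config -W %h:%p jump

Host dest-c
    ProxyJump jump
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_proxy_config "$sample" || echo "nested ssh above will not read $sample"
rm -f "$sample"
```

Only the dest-a line is reported; the dest-b line carries its own -F and dest-c relies on ProxyJump.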