Bug 3015

Summary: ssh: usability issue with -J and multiple jump hosts
Product: Portable OpenSSH Reporter: Paul Wise <pabs3>
Component: sshAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: minor CC: djm, dtucker
Priority: P5    
Version: 7.9p1   
Hardware: All   
OS: Linux   
URL: https://bugs.debian.org/929669
Bug Depends on:    
Bug Blocks: 2988    
Attachments:
Description Flags
slightly more helpful error message none

Description Paul Wise 2019-05-29 09:55:24 AEST 
When I try to proxy jump through multiple hosts using the most intuitive way to do that (multiple -J options), ssh misleads me into believing that ssh only supports a single jump host but if I use the right syntax by separating the hosts with commas then it works fine.

I suggest that ssh either automatically combine the values of all the proxy jump options using commas or print an error directing the user to manually combine the values of all the proxy jump options using commas.

   $ ssh -J master.debian.org -J paradis.debian.org draghi.debian.org echo yay
   Only a single -J option permitted

   $ ssh -J master.debian.org,paradis.debian.org draghi.debian.org echo yay
   yay
Comment 1 Damien Miller 2019-05-31 13:30:21 AEST 
Unfortunately, combining options as you suggest would make the handling of -J inconsistent with other command-line options as everything is first-match-wins. I don't think introducing an inconsistency is worth it for this case.
Comment 2 Paul Wise 2019-05-31 13:40:33 AEST 
What about my other suggestion?

> print an error directing the user to manually combine the values of all the proxy jump options using commas.
Comment 3 Damien Miller 2019-06-07 14:08:46 AEST 
Created attachment 3290 [details]
slightly more helpful error message
Comment 4 Paul Wise 2019-06-07 14:20:53 AEST 
Looks good, thanks.
Comment 5 Damien Miller 2019-07-19 13:05:57 AEST 
This is applied and will be in OpenSSH 8.1.
Comment 6 Damien Miller 2019-10-09 15:11:43 AEDT 
Close bugs fixed in openssh-8.1 release cycle