Bug 3110

Summary: Add a new ControlPath option: %a
Product: Portable OpenSSH Reporter: Cameron Eagans <me>
Component: sshAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WORKSFORME    
Severity: enhancement CC: jjelen
Priority: P5    
Version: 8.1p1   
Hardware: amd64   
OS: Mac OS X   

Description Cameron Eagans 2020-01-09 05:24:16 AEDT 
A couple of web hosting providers that I work with have really long usernames and hostnames like this:

codeserver.dev.1f1576dd-fa95-400c-a179-7ae962373aab@codeserver.dev.1f1576dd-fa95-400c-a179-7ae962373aab.foo.bar:2222


If I have `ControlPath ~/.ssh/control/%r@%h:%p` in my ~/.ssh/config, I get an error about the ControlPath being too long when I try to SSH into one of those hosts. There's not a lot I can do about that as a user and it's pretty frustrating to just have to disable connection multiplexing.

I started thinking about this and I was wondering what it would take to add a new token for the ControlPath option like %a. If you used this token, you'd get a sha256 hash of the values of "%r@%h:%p". This would shorten up a ControlPath quite a bit at the cost of knowing which socket is which.

Personally, I wouldn't care too much about that tradeoff, but I may also not understand the security implications. I'd also be very open to other alternatives here if there's another way.
Comment 1 Cameron Eagans 2020-01-09 05:28:14 AEDT 
Oh, I forgot to mention: %a is for "auto" or "all". I don't much care about the specific letter used. This just made sense to me.
Comment 2 Jakub Jelen 2020-01-09 21:54:00 AEDT 
See manual page for ssh_config. In the section TOKENS, there is already the %C doing exactly that:

           %C    Hash of %l%h%p%r.
Comment 3 Damien Miller 2021-04-23 15:03:55 AEST 
closing resolved bugs as of 8.6p1 release