| Summary: | support environment variables in keywords where possible. | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Daniel Kahn Gillmor <dkg> |
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED FIXED | | |
| Severity: | enhancement | CC: | dtucker |
| Priority: | P5 | | |
| Version: | 8.2p1 | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| Bug Depends on: | 3014 | | |
| Bug Blocks: | 3162 | | |

Description
Daniel Kahn Gillmor
2020-03-27 04:31:52 AEDT
I don't think this is something we want to do. At least not as a %-TOKEN.
- there's no guarantee that the environment variable will exist at all. Currently every attribute is guaranteed to exist, so the semantics when it doesn't would not be clear (expand to nothing? leave unexpanded? throw an error?).
- we don't currently do environment variables here and this opens a whole other can of worms^W environment variables. There's only so many letters on the keyboard.
- ssh and sshd are command line applications not desktop applications.
With the functionality added in #3014 you can construct the path in the client's config file if you know the scheme it's using (eg "RemoteForward /foo/bar /var/user/%i/baz") or look it up at runtime and add the forward using ControlMaster (which also works if you want the inverse direction, if you happen to want that):
$ echo 'ControlPath %d/.ssh/%C' >>~/.ssh/config
$ ssh -Nf -o controlmaster=yes server
$ remdir=$(ssh server 'echo $XDG_RUNTIME_DIR')
$ ssh -O forward -oRemoteForward="$remdir/S.gpg-agent /foo/bar" server
Created attachment 3375
allow environment variables in path config keywords
This adds support for shell-style ${VAR} keyword expansions in config keywords that take paths. It applies on top of OpenBSD -current. Your use case would be something like this in ~/.ssh/config:
RemoteForward ${XDG_RUNTIME_DIR}/S.gpg-agent ${XDG_RUNTIME_DIR}/S.gpg-agent
There's a few potential problems with this:
- the expansions are exclusively client side and I'm not sure the server should ever do this type of expansion.
- there's existing environment variable support in IdentityAgent and ForwardAgent which has a different, more limited format. Right now the patch supports both. I think we'd be better off removing the old format since having two is potentially confusing, but that's a user visible potentially incompatible change.
- I am unsure if this is generally worth the extra complexity and maintenance or what the other OpenSSH maintainers will think of this.
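
The question raised in the first comment (what should happen when the variable does not exist) resolved with the "throw an error" option, as an added example that is not part of this thread or OpenSSH's source. The helper name `expand_env` is hypothetical and the `XDG_RUNTIME_DIR` value is a constructed sample; expanded values are copied verbatim and never rescanned for further `${...}`.

```c
#define _POSIX_C_SOURCE 200809L   /* for setenv() in main */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Expand ${VAR} in `in` into out[outlen]; 0 on success, -1 on unset variable,
 * unterminated "${", bad name, or overflow. Illustration only, not OpenSSH code. */
int expand_env(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0)
        return -1;
    while (*in != '\0') {
        const char *val, *end;
        char name[64];
        size_t n = 1;                      /* default: one literal byte */
        if (in[0] == '$' && in[1] == '{') {
            if ((end = strchr(in + 2, '}')) == NULL)
                return -1;                 /* unterminated reference */
            n = (size_t)(end - (in + 2));
            if (n == 0 || n >= sizeof(name))
                return -1;                 /* empty or over-long name */
            memcpy(name, in + 2, n);
            name[n] = '\0';
            if ((val = getenv(name)) == NULL)
                return -1;                 /* unset: fail, do not guess */
            in = end + 1;
            n = strlen(val);               /* value copied verbatim, not rescanned */
        } else {
            val = in++;
        }
        if (n >= outlen - o)
            return -1;                     /* no room for value plus NUL */
        memcpy(out + o, val, n);
        o += n;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[256];
    setenv("XDG_RUNTIME_DIR", "/run/user/1000", 1);   /* constructed sample */
    if (expand_env("${XDG_RUNTIME_DIR}/S.gpg-agent", buf, sizeof(buf)) != 0)
        return 1;
    printf("RemoteForward %s\n", buf);
    return 0;
}
```

Failing on an unset variable keeps a path keyword from silently collapsing to a root-relative path such as `/S.gpg-agent`.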
Generic environment variable support has been added and will be in the 8.4 release.
Mass close of all bugs fixed in 8.4 release.