Bug 3110 - Add a new ControlPath option: %a
Summary: Add a new ControlPath option: %a
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 8.1p1
Hardware: amd64 Mac OS X
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-09 05:24 AEDT by Cameron Eagans
Modified: 2021-04-23 15:03 AEST (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Cameron Eagans 2020-01-09 05:24:16 AEDT
A couple of web hosting providers that I work with have really long usernames and hostnames like this:

codeserver.dev.1f1576dd-fa95-400c-a179-7ae962373aab@codeserver.dev.1f1576dd-fa95-400c-a179-7ae962373aab.foo.bar:2222


If I have `ControlPath ~/.ssh/control/%r@%h:%p` in my ~/.ssh/config, I get an error about the ControlPath being too long when I try to SSH into one of those hosts. There's not a lot I can do about that as a user and it's pretty frustrating to just have to disable connection multiplexing.

I started thinking about this and I was wondering what it would take to add a new token for the ControlPath option like %a. If you used this token, you'd get a sha256 hash of the values of "%r@%h:%p". This would shorten up a ControlPath quite a bit at the cost of knowing which socket is which.

Personally, I wouldn't care too much about that tradeoff, but I may also not understand the security implications. I'd also be very open to other alternatives here if there's another way.
Comment 1 Cameron Eagans 2020-01-09 05:28:14 AEDT
Oh, I forgot to mention: %a is for "auto" or "all". I don't much care about the specific letter used. This just made sense to me.
Comment 2 Jakub Jelen 2020-01-09 21:54:00 AEDT
See manual page for ssh_config. In the section TOKENS, there is already the %C doing exactly that:

           %C    Hash of %l%h%p%r.
Comment 3 Damien Miller 2021-04-23 15:03:55 AEST
closing resolved bugs as of 8.6p1 release