Bug 3175 - ssh_config(5) - ProxyCommand should explain semantics
Summary: ssh_config(5) - ProxyCommand should explain semantics
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 8.3p1
Hardware: Other Linux
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-01 21:26 AEST by frederik-openssh
Modified: 2020-06-02 12:34 AEST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description frederik-openssh 2020-06-01 21:26:17 AEST 
ssh_config(5) says:

     ProxyCommand
             Specifies the command to use to connect to the server.  The com-
             mand string extends to the end of the line, and is executed using
             the user's shell `exec' directive to avoid a lingering shell
             process.

Personally, I would find this explanation much more transparent if it mentioned up front that the ssh command line arguments "destination" and "-p port" are ignored when ProxyCommand is specified. Perhaps something like:

     ProxyCommand
             Specifies the command to use to connect to the server. If
             this option is provided then ssh will ignore command line
             arguments such as "destination" and "-p port". Instead,
             Ssh will run the given command, and will attempt to
             communicate with the remote server via the standard input
             and output of the command's process. Specifying no proxy
             command is equivalent to "ProxyCommand nc host port"
             (where "nc" is the "netcat" utility).

             The command string extends to the end of the line. The
             command is executed using the user's shell `exec'
             directive to avoid a lingering shell process. [...]
Comment 1 Damien Miller 2020-06-02 10:26:03 AEST 
Those options aren't ignored though, they are made available to the proxy command via token command line arguments. E.g. ProxyCommand="nc %h %p"
Comment 2 frederik-openssh 2020-06-02 12:34:38 AEST 
Thank you. Second attempt

    ProxyCommand
             Specifies the command to use to connect to the server. If
             this option is provided then ssh(1) will not use the
             command line arguments such as "destination" and "-p
             port" for connecting. Instead, ssh(1) will run the given
             command, and will attempt to communicate with the remote
             server via the input and output of the command's process.
             Thus, specifying no proxy command (the default) would be
             semantically equivalent to `ProxyCommand="nc %h %p"`.
             ("nc" is the "netcat" utility, and %h and %p are expanded
             to host and port as defined under TOKENS below)

             The command string extends to the end of the line. The
             command is executed using the user's shell `exec'
             directive to avoid a lingering shell process. [...]

There is a bit of repetition in the next paragraph ("Arguments to ProxyCommand accept the tokens [...]") but I think this is OK. (?)