diff options
-rw-r--r-- | readconf.c | 13 | ||||
-rw-r--r-- | readconf.h | 3 | ||||
-rw-r--r-- | ssh.1 | 5 | ||||
-rw-r--r-- | ssh.c | 40 | ||||
-rw-r--r-- | ssh_config.5 | 12 |
5 files changed, 58 insertions, 15 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.276 2017/05/20 02:35:47 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.277 2017/05/30 18:58:37 bluhm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -163,7 +163,8 @@ typedef enum { oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, - oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, + oTunnel, oTunnelDevice, + oLocalCommand, oPermitLocalCommand, oRemoteCommand, oVisualHostKey, oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, @@ -284,6 +285,7 @@ static struct { { "tunneldevice", oTunnelDevice }, { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, + { "remotecommand", oRemoteCommand }, { "visualhostkey", oVisualHostKey }, { "kexalgorithms", oKexAlgorithms }, { "ipqos", oIPQoS }, @@ -1440,6 +1442,10 @@ parse_keytypes: intptr = &options->permit_local_command; goto parse_flag; + case oRemoteCommand: + charptr = &options->remote_command; + goto parse_command; + case oVisualHostKey: intptr = &options->visual_host_key; goto parse_flag; @@ -1828,6 +1834,7 @@ initialize_options(Options * options) options->tun_remote = -1; options->local_command = NULL; options->permit_local_command = -1; + options->remote_command = NULL; options->add_keys_to_agent = -1; options->identity_agent = NULL; options->visual_host_key = -1; @@ -2032,6 +2039,7 @@ fill_default_options(Options * options) } \ } while(0) CLEAR_ON_NONE(options->local_command); + CLEAR_ON_NONE(options->remote_command); CLEAR_ON_NONE(options->proxy_command); CLEAR_ON_NONE(options->control_path); CLEAR_ON_NONE(options->revoked_host_keys); @@ -2509,6 +2517,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); dump_cfg_string(oLocalCommand, o->local_command); + dump_cfg_string(oRemoteCommand, o->remote_command); dump_cfg_string(oLogLevel, log_level_name(o->log_level)); dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); #ifdef ENABLE_PKCS11 @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.121 2017/04/30 23:18:22 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.122 2017/05/30 18:58:37 bluhm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -134,6 +134,7 @@ typedef struct { char *local_command; int permit_local_command; + char *remote_command; int visual_host_key; int request_tty; @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.381 2017/05/05 10:41:58 naddy Exp $ -.Dd $Mdocdate: May 5 2017 $ +.\" $OpenBSD: ssh.1,v 1.382 2017/05/30 18:58:37 bluhm Exp $ +.Dd $Mdocdate: May 30 2017 $ .Dt SSH 1 .Os .Sh NAME @@ -518,6 +518,7 @@ For full details of the options listed below, and their possible values, see .It PubkeyAcceptedKeyTypes .It PubkeyAuthentication .It RekeyLimit +.It RemoteCommand .It RemoteForward .It RequestTTY .It SendEnv @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.460 2017/05/30 08:52:19 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.461 2017/05/30 18:58:37 bluhm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -973,12 +973,6 @@ main(int ac, char **av) } } - /* Cannot fork to background if no command. */ - if (fork_after_authentication_flag && buffer_len(&command) == 0 && - !no_shell_flag) - fatal("Cannot fork into background without a command " - "to execute."); - /* * Initialize "log" output. Since we are the client all output * goes to stderr unless otherwise specified by -y or -E. @@ -1133,6 +1127,15 @@ main(int ac, char **av) options.use_privileged_port = 0; #endif + if (buffer_len(&command) != 0 && options.remote_command != NULL) + fatal("Cannot execute command-line and remote command."); + + /* Cannot fork to background if no command. */ + if (fork_after_authentication_flag && buffer_len(&command) == 0 && + options.remote_command == NULL && !no_shell_flag) + fatal("Cannot fork into background without a command " + "to execute."); + /* reinit */ log_init(argv0, options.log_level, options.log_facility, !use_syslog); @@ -1141,7 +1144,7 @@ main(int ac, char **av) tty_flag = 1; /* Allocate a tty by default if no command specified. */ - if (buffer_len(&command) == 0) + if (buffer_len(&command) == 0 && options.remote_command == NULL) tty_flag = options.request_tty != REQUEST_TTY_NO; /* Force no tty */ @@ -1197,6 +1200,27 @@ main(int ac, char **av) free(cp); } + if (options.remote_command != NULL) { + debug3("expanding RemoteCommand: %s", options.remote_command); + cp = options.remote_command; + options.remote_command = percent_expand(cp, + "C", conn_hash_hex, + "L", shorthost, + "d", pw->pw_dir, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", options.user, + "u", pw->pw_name, + (char *)NULL); + debug3("expanded RemoteCommand: %s", options.remote_command); + free(cp); + buffer_append(&command, options.remote_command, + strlen(options.remote_command)); + + } + if (options.control_path != NULL) { cp = tilde_expand_filename(options.control_path, original_real_uid); diff --git a/ssh_config.5 b/ssh_config.5 index db37b92c..2c9e20fe 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.248 2017/05/07 23:12:57 djm Exp $ -.Dd $Mdocdate: May 7 2017 $ +.\" $OpenBSD: ssh_config.5,v 1.249 2017/05/30 18:58:37 bluhm Exp $ +.Dd $Mdocdate: May 30 2017 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1287,6 +1287,14 @@ is .Cm default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. +.It Cm RemoteCommand +Specifies a command to execute on the remote machine after successfully +connecting to the server. +The command string extends to the end of the line, and is executed with +the user's shell. +The same escape character substitutions as for +.Cm LocalCommand +will be performed. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. |