Does OpenSSH >=7.2 support local-side tilde expansion for remote Unix socket forwarding
I am trying to forward a gpg-agent Unix socket to a remote machine. I have tried the following two versions of the remote forwarding command:
- A: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST
- B: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:/home/USER/.gnupg/S.gpg-agent.extra HOST
They both report successful remote forwarding after initial ssh connection. However, option A's socket fails with
debug1: connect_next: host ~/.gnupg/S.gpg-agent.extra ([unix]:~/.gnupg/S.gpg-agent.extra): No such file or directory
when an actual data connection is attempted on the remote machine with gpg-connect-agent /bye, while option B's socket works fine.
I want to know whether it is possible to do local home directory expansion with ssh remote forwarding command. If not, why?
Tags: ssh openssh forwarding unix-sockets
asked Aug 7 at 6:34
Tanachat
2 Answers
accepted
The ~ must be expanded by some program. Usually this program is the shell. The sshd daemon doesn't feed the path to a shell and doesn't expand the path.
But you don't need an expansion for the current user's home directory as it is the working directory anyway.
Try
ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST
Edit:
This works because the working directory on the host (not on the client) is always the home directory of the target user.
The ssh server doesn't expand ~ or environment variables, but it should be possible to execute code on the host to create a link or symlink to a known location that can be used by the ssh server.
Edited as suggested by Kusalananda
edited Aug 9 at 21:59
answered Aug 7 at 6:44
RalfFriedl
This works if I start ssh session when working dir is home dir. Do you know of a way to make this work for any dir?
– Tanachat Aug 8 at 21:25
I added a suggestion.
– RalfFriedl Aug 9 at 5:36
The left-hand-side is the remote part, so you need to remove ~/ from there and add it to the right-hand-side.
– Kusalananda Aug 9 at 6:43
ssh -vvv -N -R .gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST fails, but ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works. The ~ for the remote path seems significant.
– Tanachat Aug 9 at 21:43
Edit your answer with ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST and I'll accept it.
– Tanachat Aug 9 at 21:45
The comment doesn't support newlines, so I had to put these here:
- ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works
- ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works
- ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work
- ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work
As @RalfFriedl explained in his comment (copied here verbatim), "The $HOME is replaced by the client shell. This only works if $HOME on the client and $HOME on the server are the same. The ~/ is only expanded at the start of a word, not inside. So ~/XX is $HOME/XX, but XX:~/ is just XX:~/"
For those of you who want to automate this with the RemoteForward keyword in your ssh config file, note that there is no variable expansion there, so you need to use absolute paths. Your best bet is to create a symlink to a known location and use that path for the ssh config file. I'm using the same config file across multiple platforms (Ubuntu, Fedora, MacOS, ...), so that's what I'll have to do.
answered Aug 9 at 22:12
Tanachat
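The works / does NOT work list and the absolute-path advice above, as an added POSIX sh example that is not code from either answer. `expand_forms` shows what the client shell hands to ssh for the four forms tested, `check_spec` is a hypothetical lint that accepts only absolute paths on both sides, and `forward_spec` / `config_line` build the pair from each machine's own home; the home directories and HOST are constructed.

```sh
#!/bin/sh
# Added example. Home directories and HOST are constructed placeholders.

# The four -R arguments tested in the answer, as the client shell hands them
# to ssh. Runs in a subshell so the caller's HOME is untouched. $1 = client HOME.
expand_forms() (
    HOME=$1
    printf '%s\n' \
        ~/.gnupg/S.gpg-agent:"$HOME"/.gnupg/S.gpg-agent.extra \
        "$HOME"/.gnupg/S.gpg-agent:"$HOME"/.gnupg/S.gpg-agent.extra \
        ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra \
        "$HOME"/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra
)

# Hypothetical lint for a "remote_socket:local_socket" spec: both sides must be
# absolute paths with no leftover ~ or $, since the page reports that nothing
# after the client shell expands them.
check_spec() {
    case $1 in *:*) ;; *) return 1 ;; esac
    spec_remote=${1%%:*}
    spec_local=${1#*:}
    for spec_side in "$spec_remote" "$spec_local"; do
        case $spec_side in
            *'~'*|*'$'*) return 1 ;;
            /*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Build the spec from the server's home (left side) and the client's home
# (right side), so it does not depend on the two being equal.
# The server's home can be read with: ssh HOST 'printf %s "$HOME"'
forward_spec() {
    printf '%s/.gnupg/S.gpg-agent:%s/.gnupg/S.gpg-agent.extra\n' "$1" "$2"
}

# The same pair as an ssh config line with absolute paths.
config_line() {
    printf 'RemoteForward %s/.gnupg/S.gpg-agent %s/.gnupg/S.gpg-agent.extra\n' "$1" "$2"
}

# Demo with constructed homes: server /home/alice, client /Users/alice.
expand_forms /Users/alice | while IFS= read -r spec; do
    if check_spec "$spec"; then verdict='absolute on both sides'
    else verdict='literal ~ reaches ssh'; fi
    printf '%s  <- %s\n' "$spec" "$verdict"
done
forward_spec /home/alice /Users/alice
config_line /home/alice /Users/alice
```

A spec that passes `check_spec` can still name the wrong remote directory when the two homes differ, which is the case `forward_spec` handles.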