Does OpenSSH >=7.2 support local-side tilde expansion for remote Unix socket forwarding

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I am trying to forward a gpg-agent Unix socket to a remote machine. I have tried the following two versions of the remote forwarding command:



  • A: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST

  • B: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:/home/USER/.gnupg/S.gpg-agent.extra HOST

They both report successful remote forwarding after initial ssh connection. However, option A's socket fails with debug1: connect_next: host ~/.gnupg/S.gpg-agent.extra ([unix]:~/.gnupg/S.gpg-agent.extra): No such file or directory when an actual data connection is attempted on the remote machine with gpg-connect-agent /bye while option B's socket works fine.



I want to know whether it is possible to do local home directory expansion with ssh remote forwarding command. If not, why?






ssh openssh forwarding unix-sockets







share|improve this question

























    up vote
    1
    down vote

    favorite












    I am trying to forward a gpg-agent Unix socket to a remote machine. I have tried the following two versions of the remote forwarding command:



    • A: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST

    • B: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:/home/USER/.gnupg/S.gpg-agent.extra HOST

    They both report successful remote forwarding after initial ssh connection. However, option A's socket fails with debug1: connect_next: host ~/.gnupg/S.gpg-agent.extra ([unix]:~/.gnupg/S.gpg-agent.extra): No such file or directory when an actual data connection is attempted on the remote machine with gpg-connect-agent /bye while option B's socket works fine.



    I want to know whether it is possible to do local home directory expansion with ssh remote forwarding command. If not, why?






    ssh openssh forwarding unix-sockets







    share|improve this question























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I am trying to forward a gpg-agent Unix socket to a remote machine. I have tried the following two versions of the remote forwarding command:



      • A: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST

      • B: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:/home/USER/.gnupg/S.gpg-agent.extra HOST

      They both report successful remote forwarding after initial ssh connection. However, option A's socket fails with debug1: connect_next: host ~/.gnupg/S.gpg-agent.extra ([unix]:~/.gnupg/S.gpg-agent.extra): No such file or directory when an actual data connection is attempted on the remote machine with gpg-connect-agent /bye while option B's socket works fine.



      I want to know whether it is possible to do local home directory expansion with ssh remote forwarding command. If not, why?






      ssh openssh forwarding unix-sockets







      share|improve this question













      I am trying to forward a gpg-agent Unix socket to a remote machine. I have tried the following two versions of the remote forwarding command:



      • A: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST

      • B: ssh -vvv -N -R ~/.gnupg/S.gpg-agent:/home/USER/.gnupg/S.gpg-agent.extra HOST

      They both report successful remote forwarding after initial ssh connection. However, option A's socket fails with debug1: connect_next: host ~/.gnupg/S.gpg-agent.extra ([unix]:~/.gnupg/S.gpg-agent.extra): No such file or directory when an actual data connection is attempted on the remote machine with gpg-connect-agent /bye while option B's socket works fine.



      I want to know whether it is possible to do local home directory expansion with ssh remote forwarding command. If not, why?






      ssh openssh forwarding unix-sockets




      ssh openssh forwarding unix-sockets






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Aug 7 at 6:34









      Tanachat

      1185




      1185




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          2
          down vote



          accepted










          The ~ must be expanded by some program. Usually this program is the shell. The sshd daemon doesn't feed the path to a shell and doesn't expand the path.



          But you don't need an expansion for the current users home directory as it is the working directory anyway.



          Try



          ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST


          Edit:



          This works because the working directory on the host (not on the client) is always the home directory of the target user.



          The ssh server doesn't expand ~ of environment variables, but it should be possible to execute code on the host to create a link or symlink to a known location that can be used by the ssh server.



          Edited as suggested by Kusalananda






          share|improve this answer






















          • This works if I start ssh session when working dir is home dir. Do you know of a way to make this work for any dir?
            – Tanachat
            Aug 8 at 21:25










          • I added a suggestion.
            – RalfFriedl
            Aug 9 at 5:36










          • The left-hand-side is the remote part, so you need to remove ~/ from there and add it to the right-hand-side.
            – Kusalananda
            Aug 9 at 6:43










          • ssh -vvv -N -R .gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST fails, but ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works. The ~ for the remote path seems significant.
            – Tanachat
            Aug 9 at 21:43










          • Edit your answer with ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST and I'll accept it.
            – Tanachat
            Aug 9 at 21:45

















          up vote
          1
          down vote













          The comment doesn't support newlines, so I had to put these here:




          • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


          • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


          • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work


          • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work

          As @RalfFriedl explained in his comment (copied here verbatim), "The $HOME is replaced by the client shell. This only works if $HOME on the client and $HOME on the server are the same. The ~/ is only expanded at the start of a word, not inside. So ~/XX is $HOME/XX, but XX:~/ is just XX:~/"



          For those of you who want to automate this with the RemoteForward keyword in your ssh config file, note that there is no variable expansion there, so you need to use absolute paths. Your best bet is to create a symlink to a known location and use that path for the ssh config file. I'm using the same config file across multiple platform (Ubuntu, Fedora, MacOS, ...), so that's what I'll have to do.






          share|improve this answer




















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f460963%2fdoes-openssh-7-2-support-local-side-tilde-expansion-for-remote-unix-socket-for%23new-answer', 'question_page');

            );

            Post as a guest

















            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            2
            down vote



            accepted










            The ~ must be expanded by some program. Usually this program is the shell. The sshd daemon doesn't feed the path to a shell and doesn't expand the path.



            But you don't need an expansion for the current users home directory as it is the working directory anyway.



            Try



            ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST


            Edit:



            This works because the working directory on the host (not on the client) is always the home directory of the target user.



            The ssh server doesn't expand ~ of environment variables, but it should be possible to execute code on the host to create a link or symlink to a known location that can be used by the ssh server.



            Edited as suggested by Kusalananda






            share|improve this answer






















            • This works if I start ssh session when working dir is home dir. Do you know of a way to make this work for any dir?
              – Tanachat
              Aug 8 at 21:25










            • I added a suggestion.
              – RalfFriedl
              Aug 9 at 5:36










            • The left-hand-side is the remote part, so you need to remove ~/ from there and add it to the right-hand-side.
              – Kusalananda
              Aug 9 at 6:43










            • ssh -vvv -N -R .gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST fails, but ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works. The ~ for the remote path seems significant.
              – Tanachat
              Aug 9 at 21:43










            • Edit your answer with ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST and I'll accept it.
              – Tanachat
              Aug 9 at 21:45














            up vote
            2
            down vote



            accepted










            The ~ must be expanded by some program. Usually this program is the shell. The sshd daemon doesn't feed the path to a shell and doesn't expand the path.



            But you don't need an expansion for the current users home directory as it is the working directory anyway.



            Try



            ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST


            Edit:



            This works because the working directory on the host (not on the client) is always the home directory of the target user.



            The ssh server doesn't expand ~ of environment variables, but it should be possible to execute code on the host to create a link or symlink to a known location that can be used by the ssh server.



            Edited as suggested by Kusalananda






            share|improve this answer






















            • This works if I start ssh session when working dir is home dir. Do you know of a way to make this work for any dir?
              – Tanachat
              Aug 8 at 21:25










            • I added a suggestion.
              – RalfFriedl
              Aug 9 at 5:36










            • The left-hand-side is the remote part, so you need to remove ~/ from there and add it to the right-hand-side.
              – Kusalananda
              Aug 9 at 6:43










            • ssh -vvv -N -R .gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST fails, but ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works. The ~ for the remote path seems significant.
              – Tanachat
              Aug 9 at 21:43










            • Edit your answer with ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST and I'll accept it.
              – Tanachat
              Aug 9 at 21:45












            up vote
            2
            down vote



            accepted







            up vote
            2
            down vote



            accepted






            The ~ must be expanded by some program. Usually this program is the shell. The sshd daemon doesn't feed the path to a shell and doesn't expand the path.



            But you don't need an expansion for the current users home directory as it is the working directory anyway.



            Try



            ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST


            Edit:



            This works because the working directory on the host (not on the client) is always the home directory of the target user.



            The ssh server doesn't expand ~ of environment variables, but it should be possible to execute code on the host to create a link or symlink to a known location that can be used by the ssh server.



            Edited as suggested by Kusalananda






            share|improve this answer














            The ~ must be expanded by some program. Usually this program is the shell. The sshd daemon doesn't feed the path to a shell and doesn't expand the path.



            But you don't need an expansion for the current users home directory as it is the working directory anyway.



            Try



            ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST


            Edit:



            This works because the working directory on the host (not on the client) is always the home directory of the target user.



            The ssh server doesn't expand ~ of environment variables, but it should be possible to execute code on the host to create a link or symlink to a known location that can be used by the ssh server.



            Edited as suggested by Kusalananda







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Aug 9 at 21:59

























            answered Aug 7 at 6:44









            RalfFriedl

            3,5601522




            3,5601522











            • This works if I start ssh session when working dir is home dir. Do you know of a way to make this work for any dir?
              – Tanachat
              Aug 8 at 21:25










            • I added a suggestion.
              – RalfFriedl
              Aug 9 at 5:36










            • The left-hand-side is the remote part, so you need to remove ~/ from there and add it to the right-hand-side.
              – Kusalananda
              Aug 9 at 6:43










            • ssh -vvv -N -R .gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST fails, but ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works. The ~ for the remote path seems significant.
              – Tanachat
              Aug 9 at 21:43










            • Edit your answer with ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST and I'll accept it.
              – Tanachat
              Aug 9 at 21:45
















            • This works if I start ssh session when working dir is home dir. Do you know of a way to make this work for any dir?
              – Tanachat
              Aug 8 at 21:25










            • I added a suggestion.
              – RalfFriedl
              Aug 9 at 5:36










            • The left-hand-side is the remote part, so you need to remove ~/ from there and add it to the right-hand-side.
              – Kusalananda
              Aug 9 at 6:43










            • ssh -vvv -N -R .gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST fails, but ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works. The ~ for the remote path seems significant.
              – Tanachat
              Aug 9 at 21:43










            • Edit your answer with ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST and I'll accept it.
              – Tanachat
              Aug 9 at 21:45















            This works if I start ssh session when working dir is home dir. Do you know of a way to make this work for any dir?
            – Tanachat
            Aug 8 at 21:25




            This works if I start ssh session when working dir is home dir. Do you know of a way to make this work for any dir?
            – Tanachat
            Aug 8 at 21:25












            I added a suggestion.
            – RalfFriedl
            Aug 9 at 5:36




            I added a suggestion.
            – RalfFriedl
            Aug 9 at 5:36












            The left-hand-side is the remote part, so you need to remove ~/ from there and add it to the right-hand-side.
            – Kusalananda
            Aug 9 at 6:43




            The left-hand-side is the remote part, so you need to remove ~/ from there and add it to the right-hand-side.
            – Kusalananda
            Aug 9 at 6:43












            ssh -vvv -N -R .gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST fails, but ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works. The ~ for the remote path seems significant.
            – Tanachat
            Aug 9 at 21:43




            ssh -vvv -N -R .gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST fails, but ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works. The ~ for the remote path seems significant.
            – Tanachat
            Aug 9 at 21:43












            Edit your answer with ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST and I'll accept it.
            – Tanachat
            Aug 9 at 21:45




            Edit your answer with ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST and I'll accept it.
            – Tanachat
            Aug 9 at 21:45












            up vote
            1
            down vote













            The comment doesn't support newlines, so I had to put these here:




            • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


            • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


            • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work


            • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work

            As @RalfFriedl explained in his comment (copied here verbatim), "The $HOME is replaced by the client shell. This only works if $HOME on the client and $HOME on the server are the same. The ~/ is only expanded at the start of a word, not inside. So ~/XX is $HOME/XX, but XX:~/ is just XX:~/"



            For those of you who want to automate this with the RemoteForward keyword in your ssh config file, note that there is no variable expansion there, so you need to use absolute paths. Your best bet is to create a symlink to a known location and use that path for the ssh config file. I'm using the same config file across multiple platform (Ubuntu, Fedora, MacOS, ...), so that's what I'll have to do.






            share|improve this answer
























              up vote
              1
              down vote













              The comment doesn't support newlines, so I had to put these here:




              • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


              • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


              • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work


              • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work

              As @RalfFriedl explained in his comment (copied here verbatim), "The $HOME is replaced by the client shell. This only works if $HOME on the client and $HOME on the server are the same. The ~/ is only expanded at the start of a word, not inside. So ~/XX is $HOME/XX, but XX:~/ is just XX:~/"



              For those of you who want to automate this with the RemoteForward keyword in your ssh config file, note that there is no variable expansion there, so you need to use absolute paths. Your best bet is to create a symlink to a known location and use that path for the ssh config file. I'm using the same config file across multiple platform (Ubuntu, Fedora, MacOS, ...), so that's what I'll have to do.






              share|improve this answer






















                up vote
                1
                down vote










                up vote
                1
                down vote









                The comment doesn't support newlines, so I had to put these here:




                • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


                • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


                • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work


                • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work

                As @RalfFriedl explained in his comment (copied here verbatim), "The $HOME is replaced by the client shell. This only works if $HOME on the client and $HOME on the server are the same. The ~/ is only expanded at the start of a word, not inside. So ~/XX is $HOME/XX, but XX:~/ is just XX:~/"



                For those of you who want to automate this with the RemoteForward keyword in your ssh config file, note that there is no variable expansion there, so you need to use absolute paths. Your best bet is to create a symlink to a known location and use that path for the ssh config file. I'm using the same config file across multiple platform (Ubuntu, Fedora, MacOS, ...), so that's what I'll have to do.






                share|improve this answer












                The comment doesn't support newlines, so I had to put these here:




                • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


                • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:$HOME/.gnupg/S.gpg-agent.extra HOST works


                • ssh -vvv -N -R ~/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work


                • ssh -vvv -N -R $HOME/.gnupg/S.gpg-agent:~/.gnupg/S.gpg-agent.extra HOST does NOT work

                As @RalfFriedl explained in his comment (copied here verbatim), "The $HOME is replaced by the client shell. This only works if $HOME on the client and $HOME on the server are the same. The ~/ is only expanded at the start of a word, not inside. So ~/XX is $HOME/XX, but XX:~/ is just XX:~/"



                For those of you who want to automate this with the RemoteForward keyword in your ssh config file, note that there is no variable expansion there, so you need to use absolute paths. Your best bet is to create a symlink to a known location and use that path for the ssh config file. I'm using the same config file across multiple platform (Ubuntu, Fedora, MacOS, ...), so that's what I'll have to do.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Aug 9 at 22:12









                Tanachat

                1185




                1185



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f460963%2fdoes-openssh-7-2-support-local-side-tilde-expansion-for-remote-unix-socket-for%23new-answer', 'question_page');

                    );

                    Post as a guest
































































                    -

                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Image
                    Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
                    Read more

                    Bahrain

                    Image
                    For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
                    Read more

                    Postfix configuration issue with fips on centos 7; mailgun relay

                    Image
                    Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
                    Read more