Skip to content

ssh_options_apply might be called twice for a session, which is bad

With libssh 0.10.4, we see this output when a ProxyCommand is configured in the config:

ssh_socket_connect_proxycommand:  Executing proxycommand 'exec exec /usr/bin/sss_ssh_knownhostsproxy -p 22 x0.cockpit.lan'
...
ssh_socket_close:  Proxy command returned 127

Note the double "exec" in the executed command.

The double "exec" is in there because ssh_options_apply is called twice for a given ssh_session structure, and each call adds one "exec " prefix to ProxyCommand.

AFAIUI, ssh_options_apply must only be called once, it does not protect itself against being called twice. However, ssh_session_connect calls it unconditionally, and for example ssh_session_has_known_hosts_entry will call it if it hasn't been called before.

Thus, if the user calls first ssh_session_has_known_hosts_entry and then ssh_session_connect, ssh_options_apply will be called twice, which is a bug.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information