diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2018-11-16 06:17:39 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2018-11-16 06:17:39 +0000 |
| commit | 1927c5d14813ef80abe1b92137b658353bfbc8b4 (patch) | |
| tree | 4f9697426e7b3b957a8acdc98d2e234be8946b95 /usr.bin | |
| parent | baa667c7c433c0136c7b7eac3a26b7fe802a7613 (diff) | |
redirect stderr of ProxyCommands to /dev/null when ssh is started with
ControlPersist; based on patch from Steffen Prohaska
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/sshconnect.c | 37 |
1 files changed, 32 insertions, 5 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 0d3a073f51b..591f1435ecb 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.306 2018/10/15 11:28:50 florian Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.307 2018/11/16 06:17:38 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -65,6 +65,7 @@ static int matching_host_key_dns = 0; static pid_t proxy_command_pid = 0; /* import */ +extern int debug_flag; extern Options options; extern char *__progname; @@ -86,6 +87,24 @@ expand_proxy_command(const char *proxy_command, const char *user, return ret; } +static void +stderr_null(void) +{ + int devnull; + + if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) { + error("Can't open %s for stderr redirection: %s", + _PATH_DEVNULL, strerror(errno)); + return; + } + if (devnull == STDERR_FILENO) + return; + if (dup2(devnull, STDERR_FILENO) == -1) + error("Cannot redirect stderr to %s", _PATH_DEVNULL); + if (devnull > STDERR_FILENO) + close(devnull); +} + /* * Connect to the given ssh server using a proxy command that passes a * a connected fd back to us. @@ -128,9 +147,12 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, close(sp[0]); /* - * Stderr is left as it is so that error messages get - * printed on the user's terminal. + * Stderr is left for non-ControlPersist connections is so + * error messages may be printed on the user's terminal. */ + if (debug_flag || !options.control_persist) + stderr_null(); + argv[0] = shell; argv[1] = "-c"; argv[2] = command_string; @@ -206,8 +228,13 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, /* Cannot be 1 because pin allocated two descriptors. */ close(pout[1]); - /* Stderr is left as it is so that error messages get - printed on the user's terminal. */ + /* + * Stderr is left for non-ControlPersist connections is so + * error messages may be printed on the user's terminal. + */ + if (debug_flag || !options.control_persist) + stderr_null(); + argv[0] = shell; argv[1] = "-c"; argv[2] = command_string; |