Debian Bug report logs - #289403
openssh: ssh documentation: No docs on -- flag.

Package: ssh; Maintainer for ssh is Debian OpenSSH Maintainers <[email protected]>; Source for ssh is src:openssh (PTS, buildd, popcon).

Reported by: Greg Kochanski <[email protected]>

Date: Sat, 8 Jan 2005 23:03:05 UTC

Severity: minor

Tags: upstream, wontfix

Forwarded to http://bugzilla.mindrot.org/show_bug.cgi?id=970

Reply or subscribe to this bug.

Display info messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to [email protected], Matthew Vernon <[email protected]>:
Bug#289403; Package openssh. (full text, mbox, link).

Acknowledgement sent to Greg Kochanski <[email protected]>:
New Bug report received and forwarded. Copy sent to Matthew Vernon <[email protected]>. (full text, mbox, link).

Message #5 received at [email protected] (full text, mbox, reply):

Package: openssh
Severity: minor


The -- flag is not documented in the ssh man page or
in the 'usage:' information that is printed by ssh.
It actually does work as one would expect.

This is mildly important, because if anyone were to write a
shell script that executed

ssh "$host" ls

and the host name was set to some flag (like -2),
then ssh would unexpectedly try to connect to
a host named "ls".

It might be possible to create some sort of a security
breach this way, though it would take a good bit
of ingenuity.

scp -- "$host" ls

cleanly  removes the possibility of trouble from hostnames beginning
with hyphens.   It should be encouraged.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Bug reassigned from package `openssh' to `ssh'. Request was from Colin Watson <[email protected]> to [email protected]. (full text, mbox, link).

Information forwarded to [email protected], Matthew Vernon <[email protected]>:
Bug#289403; Package ssh. (full text, mbox, link).

Acknowledgement sent to Colin Watson <[email protected]>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <[email protected]>. (full text, mbox, link).

Message #12 received at [email protected] (full text, mbox, reply):

forwarded 289401 http://bugzilla.mindrot.org/show_bug.cgi?id=970
forwarded 289403 http://bugzilla.mindrot.org/show_bug.cgi?id=970
thanks

On Sat, Jan 08, 2005 at 10:43:32PM +0000, Greg Kochanski wrote:
> The -- flag actually works as one might expect, but it is
> not documented either in the man page or in the 'Usage'
> output of scp.

I've forwarded your suggestion from both this bug and #289403 (they're
really the same, I think, even though the documentation would need to be
written in two places) to the OpenSSH portable team. Thanks!

-- 
Colin Watson                                       [[email protected]]

Noted your statement that Bug has been forwarded to http://bugzilla.mindrot.org/show_bug.cgi?id=970. Request was from Colin Watson <[email protected]> to [email protected]. (full text, mbox, link).

Tags added: upstream, wontfix Request was from [email protected] to [email protected]. (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 15:51:59 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #289403 openssh: ssh documentation: No docs on -- flag.

Debian Bug report logs - #289403
openssh: ssh documentation: No docs on -- flag.