From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 20 Apr 2025 02:11:07 +0000 (+0900)
Subject: ssh-proxy: use % as an alternative separator
X-Git-Tag: v258-rc1~772
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7137e0bf24f7ffe15470acedf068f8adc27104e1;p=thirdparty%2Fsystemd.git

ssh-proxy: use % as an alternative separator

Since OpenSSH 10.0p1, specifically
https://anongit.mindrot.org/openssh.git/commit/?id=487cf4c18c123b66c1f3f733398cd37e6b2ab6ab
ssh refuses comma in hostname by default.

Let's use % as an alternative separator.

Follow-up for defd5060d69ba31c1815e7d5427bde93a3db88c0.
---

diff --git a/man/systemd-ssh-proxy.xml b/man/systemd-ssh-proxy.xml
index 79e28e201c9..d8ff6e94ad1 100644
--- a/man/systemd-ssh-proxy.xml
+++ b/man/systemd-ssh-proxy.xml
@@ -24,7 +24,7 @@
 
   <refsynopsisdiv>
     <programlisting>
-Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
+Host unix/* unix%* vsock/* vsock%* vsock-mux/* vsock-mux%*
     ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
     ProxyUseFdpass yes
 </programlisting>
@@ -46,7 +46,7 @@ Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
     configuration fragment like the following:</para>
 
     <programlisting>
-Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,*
+Host unix/* unix%* vsock/* vsock%* vsock-mux/* vsock-mux%*
     ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
     ProxyUseFdpass yes
     CheckHostIP no
@@ -70,7 +70,7 @@ Host .host
     multiplexer over <constant>AF_UNIX</constant> sockets. See
     <ulink url="https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md">cloud-hypervisor VSOCK support</ulink>
     and <ulink url="https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md">Using the Firecracker Virtio-vsock Device</ulink>.
-    Note that <literal>,</literal> can be used as a separator instead of <literal>/</literal> to be
+    Note that <literal>%</literal> can be used as a separator instead of <literal>/</literal> to be
     compatible with tools like <literal>scp</literal> and <literal>rsync</literal>.</para>
 
     <para>Moreover, connecting to <literal>.host</literal> will connect to the local host via SSH, without
@@ -119,7 +119,7 @@ Host .host
     <example>
       <title>Copy local 'foo' file to a local VM with CID 1348</title>
 
-      <programlisting>scp foo vsock,1348:</programlisting>
+      <programlisting>scp foo vsock%1348:</programlisting>
     </example>
   </refsect1>
 
diff --git a/src/ssh-generator/20-systemd-ssh-proxy.conf.in b/src/ssh-generator/20-systemd-ssh-proxy.conf.in
index bafd9634d34..e43560aa74b 100644
--- a/src/ssh-generator/20-systemd-ssh-proxy.conf.in
+++ b/src/ssh-generator/20-systemd-ssh-proxy.conf.in
@@ -9,7 +9,7 @@ Host .host machine/.host
 # Make sure unix/* and vsock/* can be used to connect to AF_UNIX and AF_VSOCK paths.
 # Make sure machine/* can be used to connect to local machines registered in machined.
 #
-Host unix/* unix,* vsock/* vsock,* vsock-mux/* vsock-mux,* machine/* machine,*
+Host unix/* unix%* vsock/* vsock%* vsock-mux/* vsock-mux%* machine/* machine%*
         ProxyCommand {{LIBEXECDIR}}/systemd-ssh-proxy %h %p
         ProxyUseFdpass yes
         CheckHostIP no
diff --git a/src/ssh-generator/ssh-proxy.c b/src/ssh-generator/ssh-proxy.c
index c5c10adc6eb..19f47dcee3d 100644
--- a/src/ssh-generator/ssh-proxy.c
+++ b/src/ssh-generator/ssh-proxy.c
@@ -178,7 +178,7 @@ static int process_machine(const char *machine, const char *port) {
 static char *startswith_sep(const char *s, const char *prefix) {
         const char *p = startswith(s, prefix);
 
-        if (p && IN_SET(*p, '/', ','))
+        if (p && IN_SET(*p, '/', '%'))
                 return (char*) p + 1;
 
         return NULL;
diff --git a/test/units/TEST-74-AUX-UTILS.ssh.sh b/test/units/TEST-74-AUX-UTILS.ssh.sh
index 6a4f766b6a2..da2188ea3ef 100755
--- a/test/units/TEST-74-AUX-UTILS.ssh.sh
+++ b/test/units/TEST-74-AUX-UTILS.ssh.sh
@@ -66,7 +66,7 @@ if test -e /dev/vsock -a -d /sys/module/vsock_loopback ; then
         echo "scp not found, skipping subtest" >&2
     else
         OUT_FILE=$(mktemp -u)
-        scp -o StrictHostKeyChecking=no -v -i "$ROOTID" vsock,1:/etc/machine-id "$OUT_FILE"
+        scp -o StrictHostKeyChecking=no -v -i "$ROOTID" vsock%1:/etc/machine-id "$OUT_FILE"
         cmp "$OUT_FILE" /etc/machine-id
         rm -f "$OUT_FILE"
     fi