RebaneMar 9

did you know that SSH has a little-known secret menu?

i wrote a post about this on cohost a while back, but since that site shut down i'm posting it here too

Show threadbaloo

@rebane2001 Disabled by default on openssh *client* 9.2 and above.

https://github.com/openssh/openssh-portable/commit/f7cebbbf407d772ed71403d314343766782fe540

```
Host *
EnableEscapeCommandline yes
```
In your ssh_config file to re-enable it.

upstream: New EnableEscapeCommandline ssh_config(5) option · openssh/openssh-portable@f7cebbb

This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback d...

GitHub
Mar 9 at 6:16pmWeb
Show threadMica Mar 9
@baloo @rebane2001 that's only the command line (~c). the other escape sequences still work by default.
Show threadbalooMar 9
@mica @rebane2001 fair.
Show threadRogan DawesMar 9
@baloo @mica @rebane2001 it’s a good security default. Imagine a bastion host or other program that allows you to ssh to a target host. The expectation is that all you can do is interact with the terminal on the target, or exit. However, the ssh escape allows you to create and delete tunnels, amongst other things, which might not have been anticipated. Disabling by default removes the surprise.
Show threadTobiasMar 10
@baloo @rebane2001 That's only for the commandline you can get with `~C` , the rest is unaffected.