It seems the suggested workaround does not work with the actual
executable name "nc.openbsd":
~ $ which ssh
/usr/bin/ssh
~ $ cat ~/.ssh/config
Host testserver
Hostname aasdfasdfasdfkfshd.onion
~ $ firejail --noblacklist=/bin/nc.openbsd ssh \
-oProxyCommand="/bin/nc.openbsd -x 127.0.0.1:9050 %h %p" testserver
/bin/bash: /bin/nc.openbsd: Permission denied
/bin/bash: line 0: exec: /bin/nc.openbsd: cannot execute: Permission denied
ssh_exchange_identification: Connection closed by remote host
These work:
firejail --noblacklist='${PATH}/nc' --noblacklist=/bin/nc.openbsd ssh \
-oProxyCommand="/bin/nc.openbsd -x 127.0.0.1:9050 %h %p" testserver
firejail --noblacklist='${PATH}/nc' ssh \
-oProxyCommand="nc --x 127.0.0.1:9050 %h %p" testserver
This is confusing, but perhaps required. You can close this issue if
you think that's appropriate.
