On 2022/11/30 08:53, Andy Bradford wrote:
> Thus said "Theo de Raadt" on Wed, 23 Nov 2022 18:56:21 -0700:
>
> > A new "enablecommandline" configuration option re-enables those
> > particular features, and the diff later on will show why we feel these
> > features should be optional.
>
> Glad that the option is being retained as optional but I also look
> forward to seeing the rationale for this change. I for one use the ~C,
> not daily, but often enough that I would have noticed over a longer
> period of time because I don't run -current.

It allows a much tighter pledge in the client, so less attack surface
against a bad server.

> In my particular scenario, I often open up long running SSH sessions
> that have tunnels to other TCP/IP sessions (some of them interactive),
> and the ability to add tunnels dynamically means that I don't have to
> restart a bunch of interactive sessions or interrupt other long-running
> things over the tunnels. If I decide that the tunnel is something I want
> to use long-term, I'll add it to ~/.ssh/config for future use.

Alternatively you can use connection multiplexing (which didn't support
~C anyway) and run a separate ssh -L / -R, which will establish an extra
channel using the existing connection.
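
The multiplexing alternative described in the reply above, shown as an added example that is not part of the original message or of the OpenSSH sources. The host alias `tunnelhost`, the address `tunnel.example.org`, and the port numbers are constructed placeholders.

```sshconfig
# ~/.ssh/config fragment (constructed example)
Host tunnelhost
    HostName tunnel.example.org
    # The first ssh to this host becomes the master; later ones reuse it.
    ControlMaster auto
    # %C is a hash of local host, remote host, port and user, which keeps
    # the socket name short and unique. Keep the directory mode 0700 so
    # other local users cannot reach the control socket.
    ControlPath ~/.ssh/cm-%C
    # Keep the master alive for 10 minutes after the last session closes.
    ControlPersist 10m

# With a session to tunnelhost already open, run these from a second
# terminal instead of typing ~C in the interactive session:
#
#   ssh -O check tunnelhost
#       confirm a master connection is running
#   ssh -O forward -L 8080:127.0.0.1:80 tunnelhost
#       add a local forward over the existing connection
#   ssh -O forward -R 2222:127.0.0.1:22 tunnelhost
#       add a remote forward over the existing connection
#   ssh -O cancel -L 8080:127.0.0.1:80 tunnelhost
#       remove the local forward again
#   ssh -O exit tunnelhost
#       ask the master to shut down
```

Anyone who can open the control socket can add forwards or sessions on the master's authenticated connection, so the `ControlPath` location deserves the same protection as a private key.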