The requested release binding is patch.

The ssh_config(4) file is Evolving; this case is about a set of changes
that may help bring it up to Stable. This case does not assert that
ssh_config(4) become Stable at this time.

The taxonomy of the new options is Evolving.

ABSTRACT
--------

This case concerns ssh(1)'s behaviour in the face of unknown
configuration options.

It's been recently discovered that the current behaviour (exit with an
error message) makes per-user ssh configuration files (see ssh(1) and
ssh_config(4)) not extensible in compatible ways. This behaviour is
inherited from OpenSSH and exists ostensibly to prevent mis-spelling and
other errors from causing security problems.

This behaviour affects compatibility between SUNWssh versions as well as
between all versions and derivatives of OpenSSH which share the per-user
configuration file path "~/.ssh/config", and a solution is badly needed.

PROPOSAL
--------

We note that the OpenSSH team feels free to add new ssh_config(4)
parameters at any time; thus refraining from adding parameters to
ssh_config(4) is not an option.

Silently ignoring unknown parameters is not an option either, since this
can cause users to assume that ssh(1) understood a given parameter when
it didn't. Neither is prompting about unknown parameters appealing.

Therefore we propose to make ssh(1) support a mechanism by which to
inform it of parameters known to other versions of ssh(1) which can then
be safely ignored by it:

 - Add a new ssh_config(4) ssh configuration parameter called
   'IgnoreIfUnknown' whose value(s) is(are) comma-separated lists of
   configuration parameter names.

   Man page text:

     IgnoreIfUnknown
             Specifies a comma-separated list of ssh_config(4)
             parameters which, if unknown to ssh(1), are to be ignored
             by ssh(1). Multiple values for this parameter may be
             given; ssh(1) will honor the combined lists.

             This parameter is primarily intended to be used in the
             system-wide ssh_config(4), though it may also be used in
             the per-user ssh_config(4) (~/.ssh/config) files.

 - Add a new ssh_config(4) ssh configuration parameter called
   'DontIgnoreIfUnknown' whose value(s) is(are) comma-separated lists of
   configuration parameter names which must not be ignored by versions
   of ssh(1) which do not understand them. This parameter overrides
   'IgnoreIfUnknown'.

   Man page text:

     DontIgnoreIfUnknown
             Specifies a comma-separated list of ssh_config(4)
             parameters which must not be ignored by ssh(1) if it does
             not support them. Multiple values for this parameter may
             be given; ssh(1) will honor the combined lists.

             This parameter is primarily intended to be used in the
             per-user ssh_config(4) (~/.ssh/config) files.

 - Whenever new ssh_config(4) configuration parameters are added in
   micro/patch releases, the release notes will document the need to
   update /etc/ssh/ssh_config on older systems to add the new parameters
   to the IgnoreIfUnknown lists.

 - Whenever new ssh_config(4) configuration parameters are added, a
   patch should be considered for previous minor releases to update
   IgnoreIfUnknown in /etc/ssh/ssh_config.

 - Support for IgnoreIfUnknown should be backported to SUNWssh 1.0.x
   (Solaris 9's ssh).

 - Sun will contribute patches to OpenSSH for this new option.

   The OpenSSH team doesn't seem to want to commit to any solution;
   typically they don't like to commit to adding support for any
   user-requested features unless patches are included.

REFERENCES
----------

http://bugzilla.mindrot.org/show_bug.cgi?id=866
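
A model of the rules in the PROPOSAL section, added here as an illustration and not taken from SUNWssh or OpenSSH: an unknown parameter stays fatal unless it is named in IgnoreIfUnknown, and DontIgnoreIfUnknown overrides that. The KNOWN set, the NewOptionA/B/C names and the sample files are constructed; case-insensitive matching, two-pass evaluation and merging the lists of both files are assumptions the case does not specify.

```python
import re

# Constructed stand-in for the keywords one ssh(1) build understands.
KNOWN = {"host", "user", "port", "ignoreifunknown", "dontignoreifunknown"}

# Constructed sample files; NewOptionA/B/C are hypothetical future options.
SYSTEM = """\
IgnoreIfUnknown NewOptionA,NewOptionB
IgnoreIfUnknown NewOptionC
"""
USER = """\
Host example
  User alice
  NewOptionA yes
  NewOptionB=on
  NewOptionC yes
  DontIgnoreIfUnknown NewOptionB
  Prtocol 2
"""

def parse_lines(text):
    """Yield (lineno, keyword, argument); accepts 'Key value' and 'Key=value'."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        yield lineno, parts[0].lower(), parts[1] if len(parts) > 1 else ""

def names(arg):
    """Split a comma-separated parameter list into lower-cased names."""
    return {n.strip().lower() for n in arg.split(",") if n.strip()}

def check_config(*files):
    """files are (label, text) pairs; returns (ignored, errors) as 'label:line keyword'."""
    entries = [(label, *e) for label, text in files for e in parse_lines(text)]
    ignore, dont = set(), set()
    for _, _, kw, arg in entries:         # pass 1: combine every list given
        if kw == "ignoreifunknown":
            ignore |= names(arg)
        elif kw == "dontignoreifunknown":
            dont |= names(arg)
    ignored, errors = [], []
    for label, lineno, kw, _ in entries:  # pass 2: classify unknown keywords
        if kw in KNOWN:
            continue
        where = f"{label}:{lineno} {kw}"
        # DontIgnoreIfUnknown wins; anything unlisted (e.g. a typo) stays fatal.
        (ignored if kw in ignore and kw not in dont else errors).append(where)
    return ignored, errors
```

The misspelled keyword on the last line of the sample per-user file is still reported as an error, which is the protection the original exit-on-unknown behaviour was meant to provide.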