From: "Theo de Raadt" Subject: Re: [PATCH] ssh-add: Support @ in the user part of destination constraints To: Max Zettlmeißl Cc: tech@openbsd.org Date: Mon, 19 Aug 2024 20:22:29 -0600 Max =?utf-8?Q?Zettlmei=C3=9Fl?= wrote: > Properly adding a (complete) host constraint for one of my Git SSH > identities was impossible because the string got split into username > and host at the first @ sign, yet the username itself contains an @ > sign. > > This patch changes the behaviour to split on the last @ sign. > > In addition to running the patched version against all my constraints, > I also tested it with the additional line `debug3_f("User: \"%s\" > Host: \"%s\"", dch->user, dch->hostname);` to make sure that I have no > off-by-one error which would lead to wrongly parsed components. I > decided against including that in the patch. I'm sorry, I have a hostname that has an '@' in it, you are breaking my use case. /sarc How do you justify your choice. Where is the documentation change? Your choice means all user-authentication layers are now exposed to a login name with a '@' in it. Are they all prepared for that? Maybe, but they have not been reviewed. Why does your username have a seperation character in it? Whatever you are doing in that subsystem sounds like a serious mistake. I've never heard of this problem before. It is only you.