===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.c,v
retrieving revision 1.460
retrieving revision 1.461
diff -u -r1.460 -r1.461
--- src/usr.bin/ssh/ssh.c	2017/05/30 08:52:19	1.460
+++ src/usr.bin/ssh/ssh.c	2017/05/30 18:58:37	1.461
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.460 2017/05/30 08:52:19 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.461 2017/05/30 18:58:37 bluhm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -942,12 +942,6 @@
 		}
 	}
 
-	/* Cannot fork to background if no command. */
-	if (fork_after_authentication_flag && buffer_len(&command) == 0 &&
-	    !no_shell_flag)
-		fatal("Cannot fork into background without a command "
-		    "to execute.");
-
 	/*
 	 * Initialize "log" output.  Since we are the client all output
 	 * goes to stderr unless otherwise specified by -y or -E.
@@ -1101,6 +1095,15 @@
 	if (original_effective_uid != 0)
 		options.use_privileged_port = 0;
 
+	if (buffer_len(&command) != 0 && options.remote_command != NULL)
+		fatal("Cannot execute command-line and remote command.");
+
+	/* Cannot fork to background if no command. */
+	if (fork_after_authentication_flag && buffer_len(&command) == 0 &&
+	    options.remote_command == NULL && !no_shell_flag)
+		fatal("Cannot fork into background without a command "
+		    "to execute.");
+
 	/* reinit */
 	log_init(argv0, options.log_level, options.log_facility, !use_syslog);
 
@@ -1109,7 +1112,7 @@
 		tty_flag = 1;
 
 	/* Allocate a tty by default if no command specified. */
-	if (buffer_len(&command) == 0)
+	if (buffer_len(&command) == 0 && options.remote_command == NULL)
 		tty_flag = options.request_tty != REQUEST_TTY_NO;
 
 	/* Force no tty */
@@ -1161,6 +1164,27 @@
 		    (char *)NULL);
 		debug3("expanded LocalCommand: %s", options.local_command);
 		free(cp);
+	}
+
+	if (options.remote_command != NULL) {
+		debug3("expanding RemoteCommand: %s", options.remote_command);
+		cp = options.remote_command;
+		options.remote_command = percent_expand(cp,
+		    "C", conn_hash_hex,
+		    "L", shorthost,
+		    "d", pw->pw_dir,
+		    "h", host,
+		    "l", thishost,
+		    "n", host_arg,
+		    "p", portstr,
+		    "r", options.user,
+		    "u", pw->pw_name,
+		    (char *)NULL);
+		debug3("expanded RemoteCommand: %s", options.remote_command);
+		free(cp);
+		buffer_append(&command, options.remote_command,
+		    strlen(options.remote_command));
+
 	}
 
 	if (options.control_path != NULL) {