[Bug 3544] Support CIDR notation for host pattern matching

bugzilla-daemon at mindrot.org
Thu Mar 2 14:07:56 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3544

--- Comment #2 from bts at square-r00t.net ---
Thank you, Damien; that makes a lot of sense and I certainly can't
imagine I'd be the first to suggest this. I too searched for something
similar in bugzilla but couldn't find anything.

I'm assuming the same/similar limitations apply to known_hosts key
matching?

Would it be possible to support some sort of prefix to these strings to
indicate explicitly that they're e.g. a CIDR or address instead of
hostname/DNS name and can thus skip globbing, translation, etc. and go
to CIDR matching, etc.? e.g.:

ip:
cidr:
ip6:
cidr6:

(thus, an ssh_config could have:

Host ip:198.51.100.3
  ...

and a known_hosts could have:

somehost,cidr:198.51.100.0/24 ssh-ed25519 AA....
)

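A sketch of how the prefix scheme proposed in this comment could dispatch matching, added here as an example; it is not part of the original message and is not OpenSSH code. The function names are hypothetical, POSIX `fnmatch` stands in for OpenSSH's own glob matcher, and returning -1 for a malformed pattern is an assumption.

```c
/* Added sketch of the proposed ip:/cidr:/ip6:/cidr6: prefixes; not OpenSSH code. */
#include <arpa/inet.h>
#include <fnmatch.h>
#include <stdlib.h>
#include <string.h>

/* Compare the first `bits` bits of two addresses in network byte order. */
static int prefix_eq(const unsigned char *a, const unsigned char *b, int bits)
{
    int full = bits / 8, rem = bits % 8;
    unsigned char mask;
    if (memcmp(a, b, (size_t)full) != 0) return 0;
    if (rem == 0) return 1;
    mask = (unsigned char)(0xff << (8 - rem));
    return (a[full] & mask) == (b[full] & mask);
}

/* Match "addr" or "addr/len" against host: 1 match, 0 no match, -1 malformed. */
static int addr_match(int af, const char *spec, int want_len, const char *host)
{
    unsigned char net[16], h[16];
    char buf[64], *slash, *end;
    int max = (af == AF_INET) ? 32 : 128, bits = max;

    if (strlen(spec) >= sizeof(buf)) return -1;
    strcpy(buf, spec);
    slash = strchr(buf, '/');
    if ((slash != NULL) != want_len) return -1; /* ip: forbids /len, cidr: needs it */
    if (slash) {
        *slash++ = '\0';
        if (*slash < '0' || *slash > '9') return -1; /* no sign, space or empty */
        long v = strtol(slash, &end, 10);
        if (*end != '\0' || v > max) return -1;
        bits = (int)v;
    }
    if (inet_pton(af, buf, net) != 1) return -1; /* pattern is not a literal address */
    if (inet_pton(af, host, h) != 1) return 0;   /* host is a name or another family */
    return prefix_eq(net, h, bits);
}

/* Hypothetical dispatcher: a prefixed pattern never reaches the glob matcher. */
int match_host_pattern(const char *pat, const char *host)
{
    if (strncmp(pat, "cidr6:", 6) == 0) return addr_match(AF_INET6, pat + 6, 1, host);
    if (strncmp(pat, "cidr:", 5) == 0) return addr_match(AF_INET, pat + 5, 1, host);
    if (strncmp(pat, "ip6:", 4) == 0) return addr_match(AF_INET6, pat + 4, 0, host);
    if (strncmp(pat, "ip:", 3) == 0) return addr_match(AF_INET, pat + 3, 0, host);
    return fnmatch(pat, host, 0) == 0; /* unprefixed: ordinary glob, as today */
}
```

Rejecting a malformed prefixed pattern outright, rather than falling back to globbing, keeps a typo such as `cidr:198.51.100.0/33` from silently matching nothing or something unintended.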