[openssh-dev]: disable ProxyCommand from being used?
Shinichi Maruyama
marya at st.jip.co.jp
Fri Feb 8 13:18:11 EST 2002
gotoh> >>>>> at Thu, 7 Feb 2002 03:18:53 -0800
gotoh> >>>>> dan == "Dan Kaminsky" <dan at doxpara.com> said,
gotoh>
gotoh> dan> ssh -o ProxyCommand="" user at host
gotoh> dan> ...doesn't work.
gotoh>
gotoh> When I talked with him, I didn't have a fine solution.
gotoh> But now I have one solution for a limited case.
gotoh> If you want to use a proxy command only for outside the wall,
gotoh> write ~/.ssh/config like this:
gotoh>
gotoh> -----begin-----
gotoh> Host !*.local.net
gotoh> ProxyCommand connect -S firewall.local.net %h %s
gotoh> ----- end -----
gotoh>
gotoh> I think this is enough for almost all users.
I do want to do this. But Host syntax does not allow '!' for
negative match.
In readconf.c, I think it's better to use match_hostname()
like this (not tested yet).
--- readconf.c.orig Tue Feb 5 10:26:35 2002
+++ readconf.c Fri Feb 8 10:25:11 2002
@@ -647,12 +647,17 @@
case oHost:
*activep = 0;
- while ((arg = strdelim(&s)) != NULL && *arg != '\0')
- if (match_pattern(host, arg)) {
+ while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+ int matched = match_hostname(host, arg, strlen(arg)) ;
+ if (matched == 1) {
debug("Applying options for %.100s", arg);
*activep = 1;
break;
+ } else if (matched == -1) { /* negative match */
+ debug("Not applying options for %.100s", arg);
+ break;
}
+ }
/* Avoid garbage check below, as strdelim is done. */
return 0;
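Review bot: in the rewritten `while` loop under `case oHost:`, the result depends on the order of the arguments, because the `matched == 1` branch breaks on the first positive match and never looks at later ones. A line such as `Host * !*.local.net` would set `*activep = 1` on `*` and the negated pattern would never be consulted, so the block (and its ProxyCommand) would still apply to the hosts it was meant to exclude. Consider scanning every argument, treating any negative match as final, and setting `*activep` only after the loop. The activation path also only fires on a return of 1, so it is worth stating what a lone negated pattern that does not match the host should do, and documenting the `!` syntax alongside the code change. Minor style: there is a stray space before the semicolon in `strlen(arg)) ;`.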
--
Sinichi Maruyama <marya at st.jip.co.jp>
Japan Information Processing Service,Co,Ltd.
2-4-24 Toyo, Koto-ku ,Tokyo, 135, Japan
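
An added example, not part of the original message and not OpenSSH code: a stand-alone C illustration of evaluating a `Host` argument list so that a matching `!pattern` excludes the host regardless of where it appears. The names `glob_match` and `host_line_applies` are hypothetical, and the choice that a lone negated pattern activates nothing is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Glob match with '*' and '?' (hypothetical helper, not OpenSSH's match_pattern). */
static int glob_match(const char *s, const char *p)
{
    for (; *p; s++, p++) {
        if (*p == '*') {
            while (*p == '*')
                p++;
            if (!*p)
                return 1;               /* trailing '*' matches the rest */
            for (; *s; s++)
                if (glob_match(s, p))
                    return 1;
            return 0;
        }
        if (!*s || (*p != '?' && *p != *s))
            return 0;
    }
    return *s == '\0';
}

/* Returns 1 if the Host line applies to 'host'. Any matching '!pattern'
 * vetoes the block wherever it appears; otherwise one positive pattern
 * must match. */
int host_line_applies(const char *host, const char *patterns)
{
    char buf[256], *tok;
    size_t len = strlen(patterns);
    int positive = 0;

    if (len >= sizeof(buf))
        return 0;                       /* refuse over-long lines, never truncate */
    memcpy(buf, patterns, len + 1);
    for (tok = strtok(buf, " \t"); tok != NULL; tok = strtok(NULL, " \t")) {
        if (*tok == '!') {
            if (glob_match(host, tok + 1))
                return 0;               /* negated match is final */
        } else if (glob_match(host, tok)) {
            positive = 1;               /* keep scanning for a later negation */
        }
    }
    return positive;
}

int main(void)
{
    /* Constructed sample hosts; the negated pattern is the one from the thread. */
    const char *line = "* !*.local.net";
    printf("%d %d\n", host_line_applies("www.example.org", line),
           host_line_applies("db.local.net", line));
    return 0;
}
```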