[openssh-dev]: disable ProxyCommand from being used?

Shinichi Maruyama marya at st.jip.co.jp
Fri Feb 8 13:18:11 EST 2002


gotoh> >>>>> at Thu, 7 Feb 2002 03:18:53 -0800
gotoh> >>>>> dan == "Dan Kaminsky" <dan at doxpara.com> said,
gotoh> 
gotoh> dan> ssh -o ProxyCommand="" user at host
gotoh> dan> ...doesn't work.
gotoh> 
gotoh> When I talked with him, I didn't have a fine solution.
gotoh> But now I have one solution for a limited case.
gotoh> If you want to use the proxy command only for outside the wall,
gotoh> write ~/.ssh/config like this:
gotoh> 
gotoh> -----begin-----
gotoh> Host !*.local.net
gotoh>   ProxyCommand connect -S firewall.local.net %h %s
gotoh> ----- end -----
gotoh> 
gotoh> I think this is enough for almost all users.

	I do want to do this. But the Host syntax does not allow '!' for
a negative match.
	In readconf.c, I think it's better to use match_hostname()
like this (not tested yet).

--- readconf.c.orig	Tue Feb  5 10:26:35 2002
+++ readconf.c	Fri Feb  8 10:25:11 2002
@@ -647,12 +647,17 @@
 
 	case oHost:
 		*activep = 0;
-		while ((arg = strdelim(&s)) != NULL && *arg != '\0')
-			if (match_pattern(host, arg)) {
+		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+			int matched = match_hostname(host, arg, strlen(arg)) ;
+			if (matched == 1) {
 				debug("Applying options for %.100s", arg);
 				*activep = 1;
 				break;
+			} else if (matched == -1) {	/* negative match */
+				debug("Not applying options for %.100s", arg);
+				break;
 			}
+		}
 		/* Avoid garbage check below, as strdelim is done. */
 		return 0;
 
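Review bot: The `break` in the `matched == 1` branch makes the outcome depend on the order of the patterns on the Host line: with `Host * !*.local.net` the first argument matches, `*activep` is set to 1 and the loop exits before the negated argument is ever examined, so a negation only takes effect when it is written ahead of the positive pattern. For an option block that routes traffic through a proxy, silently applying it to an excluded host is the wrong failure direction. Consider scanning every argument, letting any -1 result override an earlier positive match (record it in a flag and assign `*activep` after the loop), and stating the precedence in the manual page. It is also worth confirming what match_hostname() returns for a host that simply does not match a lone negated pattern: the hunk activates the block only when the result is 1, so the quoted `Host !*.local.net` example works only if that case yields 1. Minor style point: drop the space before the semicolon in `strlen(arg)) ;`.
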
-- 
Sinichi Maruyama <marya at st.jip.co.jp>
Japan Information Processing Service,Co,Ltd.
2-4-24 Toyo, Koto-ku ,Tokyo, 135, Japan


