[openssh-dev]: disable ProxyCommand from being used?

Shun-ichi GOTO gotoh at taiyo.co.jp
Fri Feb 8 17:07:54 EST 2002


>>>>> at Fri, 08 Feb 2002 11:18:11 +0900 (JST)
>>>>> marya == Shinichi Maruyama <marya at st.jip.co.jp> said,

gotoh> -----begin-----
gotoh> Host !*.local.net
gotoh>   ProxyCommand connect -S firewall.local.net %h %s
gotoh> ----- end -----
gotoh> 
gotoh> I think this is enough for almost all users.

marya> 	I do want to do this. But Host syntax does not allow '!' for
marya> negative match.
marya> 	In readconf.c, I think it's better to use match_hostname()
marya> like this (not tested yet).

Yeah, I've tried your patch.
Then we can write ~/.ssh/config like this:

-----begin-----
## Apply to any host which does not match with "*.local.net"
Host !*.local.net *
  ProxyCommand connect -S firewall.local.net %h %p
----- end -----

## NOTE: The second '*' may be required because "host.remote.net" does not
##       match "!*.local.net". This is the behaviour of match_hostname().


But if you use the HostName option as a host alias, the above config might
not work as you want. For example, with the config below, the "ssh foo"
command applies both entries, and so it invokes the proxy command.

-----begin-----
## 
Host foo foo.local.net
  HostName foo.local.net
## Apply to any host which does not match with "*.local.net"
Host !*.local.net *
  ProxyCommand connect -S firewall.local.net %h %p
----- end -----

As long as we recognize this behaviour, I think your patch can be used
to switch use of proxy command.

--- Regards,
 Shun-ichi Goto  <gotoh at taiyo.co.jp>
   R&D Group, TAIYO Corp., Tokyo, JAPAN
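
The matching behaviour described in this message, modelled as an added example (not part of the original post and not OpenSSH code). The function names are hypothetical, the return convention (1 positive match, -1 negated hit, 0 no match) is assumed from the NOTE about match_hostname() above, and the config is the second one from the message.

```python
import re

def glob_match(name, pattern):
    """Match using only the '*' and '?' wildcards."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, name, re.DOTALL) is not None

def match_list(name, patterns):
    """Assumed convention: 1 positive match, -1 negated pattern hit, 0 no match."""
    result = 0
    for pat in patterns:
        if pat.startswith("!"):
            if glob_match(name, pat[1:]):
                return -1          # a negated hit vetoes the whole Host line
        elif glob_match(name, pat):
            result = 1
    return result

def parse_config(text):
    """Parse 'Host' blocks into [(patterns, {option: value}), ...]."""
    blocks = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            blocks[-1][1][key] = value.strip()
    return blocks

def effective_options(typed_name, blocks):
    """First value wins; patterns are tested against the name typed on the
    command line, not against the HostName it is later mapped to."""
    opts = {}
    for patterns, block_opts in blocks:
        if match_list(typed_name, patterns) == 1:
            for key, value in block_opts.items():
                opts.setdefault(key, value)
    return opts

# Constructed sample: the alias config quoted in the message.
CONFIG = """
Host foo foo.local.net
  HostName foo.local.net
Host !*.local.net *
  ProxyCommand connect -S firewall.local.net %h %p
"""
BLOCKS = parse_config(CONFIG)
```

Under this model, `effective_options("foo", BLOCKS)` picks up the ProxyCommand while `effective_options("foo.local.net", BLOCKS)` does not, which is the alias pitfall the message points out.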


