[openssh-dev]: disable ProxyCommand from being used?

Shun-ichi GOTO gotoh at taiyo.co.jp
Fri Feb 8 18:42:08 EST 2002


>>>>> at Fri, 08 Feb 2002 15:07:54 +0900 (JST)
>>>>> gotoh == Shun-ichi GOTO <gotoh at taiyo.co.jp> said,

gotoh> -----begin-----
gotoh> ## Apply to any host which does not match with "*.local.net"
gotoh> Host !*.local.net *
gotoh>   ProxyCommand connect -S firewall.local.net %h %p
gotoh> ----- end -----

gotoh> ## NOTE: The second '*' may be required because "host.remote.net" does not
gotoh> ##       match "!*.local.net". That is the behaviour of match_hostname().

What about the following patch?  The difference is the behaviour of matching
"host.remote.net" with "!*.local.net".


--- readconf.c	7 Nov 2001 01:18:31 -0000	1.1.1.2
+++ readconf.c	8 Feb 2002 07:38:25 -0000
@@ -647,12 +647,16 @@
 
 	case oHost:
 		*activep = 0;
-		while ((arg = strdelim(&s)) != NULL && *arg != '\0')
-			if (match_pattern(host, arg)) {
+		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+			int match = match_hostname(host, arg, strlen(arg));
+			if (*arg=='!')
+				match = !match;
+			if (match) {
 				debug("Applying options for %.100s", arg);
 				*activep = 1;
 				break;
 			}
+		}
 		/* Avoid garbage check below, as strdelim is done. */
 		return 0;
 
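Review bot: In the new loop, `if (*arg=='!') match = !match;` combined with the `break` on the first true result makes negated patterns OR together, so a line such as `Host !a.local.net !b.local.net` activates the block for every host, a.local.net included (it is accepted through the second pattern). Because this test decides which destinations are sent through a ProxyCommand, a negated pattern that matches should veto the whole Host line rather than be inverted pattern by pattern. Separately, `match` is tested as a boolean in `if (match)`, but match_hostname() returns -1 when a negated entry in its pattern list matches, so an arg that does not start with '!' yet carries a later '!' entry in a comma list would have -1 treated as a match; test `match > 0` or handle -1 explicitly. The change in Host semantics also needs a note in the ssh documentation, which this hunk does not touch.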


With this patch, we can specify the ProxyCommand option without the extra '*'
like this:

-----begin-----
Host !*.local.net
  ProxyCommand connect -S firewall.local.net %h %p
----- end -----

--- Regards,
 Shun-ichi Goto  <gotoh at taiyo.co.jp>
   R&D Group, TAIYO Corp., Tokyo, JAPAN


