Question regarding patch for ProxyCommand setting
Thomas Binder
binder at arago.de
Fri Sep 27 02:19:10 EST 2002
Hi!
I recently started using ProxyCommand and noticed that it's not
possible to specify a "none" value for it. I've already written a
patch for that, but wanted to discuss the issue before posting the
patch.
The problem is the following: I'd like to use a ProxyCommand by
default, but exclude some hosts. But as soon as I have
Host *
ProxyCommand /some/proxy/command %h %p
at the end of ssh_config, there's no way to disable ProxyCommand
in another host section.
I need this to still have the possibility to access localhost
without host key checking [1], i.e. I'd like to have something
like
Host localhost
ProxyCommand -
That'd be necessary because as soon as a ProxyCommand is active,
NoHostAuthenticationForLocalhost is ignored because OpenSSH no
longer has a way to tell whether "localhost" is really the
loopback interface.
So, is there any way to achieve what I want without adding support
for something like "ProxyCommand -" (and without having to add
each and every host that should be accessed via the proxy command
to ssh_config)? And if there's no other way, would there be
interest in adding my patch?
Ciao
Thomas
[1] That's because I've written shell scripts that allow to copy
files from and to remote hosts that can only be accessed with
an ssh chain (e.g. ssh -t host1 ssh -t host2 ssh -t host3).
This is achieved by automatically opening a tunnel to port 22
of the remote host using such a chain, and then scp to and
from localhost. Without NoHostAuthenticationForLocalhost, scp
would always fail because of a changed host key.
--
"No, `Eureka' is Greek for `This bath is too hot.'"
-- Dr. Who
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 467 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020926/3f33a9bf/attachment.bin
More information about the openssh-unix-dev
mailing list