Question regarding patch for ProxyCommand setting

Thomas Binder binder at arago.de
Fri Sep 27 02:19:10 EST 2002


Hi!

I recently started using ProxyCommand and noticed that it's not
possible to specify a "none" value for it. I've already written a
patch for that, but wanted to discuss the issue before posting the
patch.

The problem is the following: I'd like to use a ProxyCommand by
default, but exclude some hosts. But as soon as I have

Host *
	ProxyCommand /some/proxy/command %h %p

at the end of ssh_config, there's no way to disable ProxyCommand
in another host section.

I need this to still have the possibility to access localhost
without host key checking [1], i.e. I'd like to have something
like

Host localhost
	ProxyCommand -

That'd be necessary because as soon as a ProxyCommand is active,
NoHostAuthenticationForLocalhost is ignored because OpenSSH no
longer has a way to tell whether "localhost" is really the
loopback interface.

So, is there any way to achieve what I want without adding support
for something like "ProxyCommand -" (and without having to add
each and every host that should be accessed via the proxy command
to ssh_config)? And if there's no other way, would there be
interest in adding my patch?


Ciao

Thomas


[1] That's because I've written shell scripts that allow copying
    files from and to remote hosts that can only be accessed with
    an ssh chain (e.g. ssh -t host1 ssh -t host2 ssh -t host3).
    This is achieved by automatically opening a tunnel to port 22
    of the remote host using such a chain, and then scp to and
    from localhost. Without NoHostAuthenticationForLocalhost, scp
    would always fail because of a changed host key.


-- 
"No, `Eureka' is Greek for `This bath is too hot.'"
		-- Dr. Who
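
The first-match behaviour described in this message, as an added illustration that is not part of the original post and is not OpenSSH's code: a simplified Python model of how ssh_config keeps the first value obtained for each keyword, and how a sentinel in an earlier Host block would switch the proxy off. The "-" sentinel is the one proposed in the message; the function names, the sample config and the fnmatch-based pattern matching are assumptions made for the example.

```python
import fnmatch

# Constructed sample config in the layout from the message:
# specific hosts first, the catch-all "Host *" block last.
SAMPLE_CONFIG = """\
Host localhost
    ProxyCommand -
    NoHostAuthenticationForLocalhost yes

Host *
    ProxyCommand /some/proxy/command %h %p
"""

DISABLE = "-"  # sentinel proposed in the message (assumption of this model)


def resolve(config_text, host):
    """Return the effective options for host; the first value obtained wins."""
    options = {}
    active = True  # keywords before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            # A Host line may list several whitespace-separated patterns.
            active = any(fnmatch.fnmatchcase(host, p) for p in value.split())
        elif active:
            # A later block cannot override a keyword that is already set.
            options.setdefault(keyword, value)
    return options


def proxy_command(config_text, host):
    """Effective proxy command, or None when unset or disabled by the sentinel."""
    value = resolve(config_text, host).get("proxycommand")
    return None if value in (None, DISABLE) else value


def localhost_check_skipped(config_text, host):
    """Interaction described in the message: the localhost host-key
    exemption only takes effect when no proxy command is active."""
    opts = resolve(config_text, host)
    wants_skip = opts.get("nohostauthenticationforlocalhost") == "yes"
    return wants_skip and proxy_command(config_text, host) is None
```

Removing the sentinel line from the localhost block makes the `Host *` proxy apply to localhost again, and the exemption stops taking effect in this model.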

More information about the openssh-unix-dev mailing list