Question regarding patch for ProxyCommand setting

Darren Tucker dtucker at zip.com.au
Sat Sep 28 12:53:17 EST 2002


Ben Lindstrom wrote:
> Trying to think of the best/easy way to handle this if a patch is accepted
> post 3.5.  I don't like the 'ProxyCommand -'.  It does not match any of
> our current syntax. 

What about just "ProxyCommand none"? That would match the syntax of
EscapeChar.

> On Thu, 26 Sep 2002, Thomas Binder wrote:
> > [1] That's because I've written shell scripts that allow to copy
> >     files from and to remote hosts that can only be accessed with
> >     an ssh chain (e.g. ssh -t host1 ssh -t host2 ssh -t host3).

We do something similar using "ProxyCommand ssh host1 nc -w3 host2 22".
You can stack them (ie another ProxyCommand could be "ssh host2 .."),
all of the config is on the central host and the host keys work. You
don't have port collision problems, but you do need netcat on the
intermediate host.

The only problem we have with it is that ssh and sshd orphan the
processes. The ssh case is fixed in -cvs, the sshd case has a proposed
patch (see http://bugzilla.mindrot.org/show_bug.cgi?id=396).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
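
The stacked setup described in the message above, written out as a client configuration on the central host. This is an added example, not part of the original post: the host names follow the thread, the `%h`/`%p` tokens and the `Host *` fallback are assumptions, and `ProxyCommand none` assumes an OpenSSH release that accepts that value.

```sshconfig
# Constructed example for ~/.ssh/config on the central host.
# ssh_config uses the first value found for each option, so the
# specific Host blocks must come before the Host * fallback.

# host1 is reached directly. Without this override, the inner
# "ssh host1" started by the fallback below would itself match
# Host * and try to proxy through host1 again.
Host host1
    ProxyCommand none

# host3 sits behind host2: the inner "ssh host2" matches the
# fallback below, so the path is central -> host1 -> host2 -> host3.
Host host3
    ProxyCommand ssh host2 nc -w3 %h %p

# Everything else (host2 included) is reached through host1.
# %h and %p expand to the target host name and port.
Host *
    ProxyCommand ssh host1 nc -w3 %h %p
```

Each hop only relays bytes through nc, so every SSH session terminates on the central host and host keys are checked against its known_hosts file.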



More information about the openssh-unix-dev mailing list