Command-based ssh_config declarations

Jim Knoble jmknoble at pobox.com
Fri Mar 7 18:03:47 EST 2008


Circa 2008-03-06 19:06 dixit petesea at bigfoot.com:

: How difficult would it be to enhance the client ssh_config file to allow 
: command-based declarations similar to that provided by the "Host" keyword?

Not necessary; see below.

: The main reason I need something like this is when ssh is used via CVS and 
: Subversion.  I want all CVS/Subversion traffic to use a different SSH port 
: and different authentication options.

  [...]

This is where the 'HostName' directive is your friend.  Your ssh_config
file can look like this:

    Host svn.example.com
        HostName server.example.com
        Port 2200
        BatchMode yes
        # etc.

    Host *
        Protocol 2
        # etc.

Now, for your Subversion commands, use
'svn+ssh://svn.example.com/repository' as the repository specification,
rather than 'svn+ssh://server.example.com/repository'.  You can even use
a different identity for pubkey authentication, if you wish.

This is mainly a matter of discipline or policy in what name is used to
access the Subversion or CVS server.  The names in the Host stanzas
aren't even required to be valid DNS names, as long as the HostName
directive contains a either a valid IP address or a name that's
defined in DNS or /etc/hosts or whatever your system uses.

If you have more than one such host running a Subversion or CVS server,
you can add a Host stanza for each one into ssh_config.  If you have
thousands of them, you should consider using a wrapper script for the
'ssh' command instead.

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG key ID: 6F39C2CC  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 5024:D578:7CF4:5660:7269::F6F3:B919:9307:6F39:C2CC)
+----------------------------------------------------------------------+
|[L]iberty, as we all know, cannot flourish in a country that is perma-|
| nently on a war footing, or even a near-war footing.  --Aldous Huxley|
+----------------------------------------------------------------------+


More information about the openssh-unix-dev mailing list