[PATCH] Allow matching HostName against Host entries
Ryan Kavanagh
rak at debian.org
Wed Apr 10 10:51:12 EST 2013
On Tuesday, April 9, 2013 at 15:06:55 -0500, Ben Lindstrom wrote:
> My major complaint is this one option changes how the ssh_config is
> parsed. It just takes one admin to decide he likes it to break everyone's
> setup..
>
> e.g.
>
> host foo
>     user specialaccount
>     hostname foo.bar.com
>
> host *.bar.com
>     user normaluser
>
> Which is horrible as it *DOES* break it if you enable that switch.

I'm not sure I follow your counterexample. Even if the switch was
enabled, "ssh foo" would still use "user specialaccount", not "user
normaluser" since the switch doesn't break the first match
order. Nowhere does the patch affect the check on lines 397 or 414[0]
that only set an option if it hasn't yet been unset. Or am I
misunderstanding something? Now, assume that your counterexample was
instead

    ## User ~/.ssh/config ##
    host foo
        user specialaccount
        hostname foo.bar.com

    ## System /etc/ssh/ssh_config
    MatchHostName yes
    host *.bar.com
        user normaluser
        ForwardAgent yes

Enabling the proposed switch would in fact cause breakage: agent
forwarding would be enabled for "ssh foo" with the switch on, and
would be the default value with the switch off. I consider this
particular objection to be moot: any change to the system config file
is prone to breaking users' config files or causing severe carnage and
should be done with utmost caution. A nutcase admin can equally well
break everyone's config (and wipe home directories) without needing
any new flags with:

    ## System /etc/ssh/ssh_config
    ## Don't try this at home (or work!)
    host *
        ForwardAgent yes
        LocalCommand rm -fr %d
        PermitLocalCommand yes

Best wishes,
Ryan

[0] if (*activep && *intptr == -1)
        /* *intptr is the pointer to &options->CURRENT_SETTING */
        *intptr = value;

--
|_)|_/ Ryan Kavanagh | Debian Developer
| \| \ http://ryanak.ca/ | GPG Key 4A11C97A
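
The second scenario in the message above, as an added example that is not part of the original post or of the proposed patch: a simplified Python model of first-match ssh_config evaluation that reports which options change for "ssh foo" once the switch is honoured. The MatchHostName behaviour (a Host pattern may also match the HostName already stored) is an assumption drawn from the thread, the names `resolve` and `audit` are hypothetical, and pattern matching is approximated with `fnmatch`.

```python
from fnmatch import fnmatchcase

# Constructed inputs mirroring the second example in the message above.
USER_CONFIG = """\
host foo
user specialaccount
hostname foo.bar.com
"""
SYSTEM_CONFIG = """\
MatchHostName yes
host *.bar.com
user normaluser
ForwardAgent yes
"""

def resolve(target, configs, honor_switch=True):
    """Simplified first-match model of ssh_config evaluation.
    Files are read in order (user file first, then system file). An option
    is stored only if it has no value yet, like the check quoted in [0].
    Assumption: with MatchHostName on, a Host pattern may also match the
    HostName already stored for this target.
    """
    opts, match_hostname = {}, False
    for text in configs:
        active = True  # lines before the first Host block apply to everyone
        for line in text.splitlines():
            parts = line.split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue
            key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
            if key == "host":
                names = [target]
                if match_hostname and "hostname" in opts:
                    names.append(opts["hostname"])
                active = any(fnmatchcase(n, p) for p in value.split() for n in names)
            elif active and key == "matchhostname":
                match_hostname = honor_switch and value.lower() == "yes"
            elif active and key not in opts:
                opts[key] = value  # first obtained value wins
    return opts

def audit(target):
    """Return {option: (value_without_switch, value_with_switch)} for changes."""
    off = resolve(target, [USER_CONFIG, SYSTEM_CONFIG], honor_switch=False)
    on = resolve(target, [USER_CONFIG, SYSTEM_CONFIG], honor_switch=True)
    return {k: (off.get(k), v) for k, v in on.items() if off.get(k) != v}

if __name__ == "__main__":
    print(audit("foo"))  # only ForwardAgent changes; user stays specialaccount
```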