[PATCH] Allow matching HostName against Host entries
Ryan Kavanagh
rak at debian.org
Fri Mar 22 12:51:27 EST 2013

It would be useful to allow matching HostName entries against Host
entries. That's to say, I would find it very convenient to have an
ssh_config like:

    Host zeus
        HostName zeus.greek.gods
        User hades
    Host hera
        HostName hera.greek.gods
    # [ ... ]
    Host *.greek.gods
        User poseidon
        UserKnownHostsFile ~/.ssh/known_hosts.d/athens
        # [ Default settings for *.greek.gods ]

where I can then go

    $ ssh zeus

to log in as hades on zeus.greek.gods, using the settings in the stanzas
matching zeus and zeus.greek.gods. Similarly,

    $ ssh hera

to log on as poseidon on hera.greek.gods, using the settings in the
stanzas matching hera and hera.greek.gods. This allows me to set an
"alias" for frequently used hosts while still using the settings matching
the associated HostName.

This is similar to writing

    Host zeus
        HostName zeus.greek.gods
        User hades
    Host hera
        HostName hera.greek.gods
    # [ ... ]
    Host *.greek.gods zeus hera [ ... ]
        User poseidon
        UserKnownHostsFile ~/.ssh/known_hosts.d/athens
        # [ Default settings for *.greek.gods ]

making use of the "fallthrough" functionality of ssh's config parser,
where each Host stanza matching the name given on the command line is
parsed, setting any parameters not previously set. Unfortunately, this
becomes unmanageable for large numbers of "aliases".

Now said functionality might break existing SSH configs, and some users
might find it undesirable, so I've added the following ssh_config
parameter:

    MatchHostName
        This option matches the value of HostName against any
        subsequent Host entries. MatchHostName may be set at any
        point, but only takes effect once HostName is set. The
        argument to this keyword must be ``yes'' or ``no''. The
        default is ``no''.

Please see the patch below for the details. I wasn't able to get SSH to
build on a CVS checkout of OpenBSD-current (with or without the patch),
but it applied, compiled, and ran fine on my CVS checkout of OpenBSD
5.2.

Best wishes,
Ryan
--
|_)|_/ Ryan Kavanagh | Debian Developer
| \| \ http://ryanak.ca/ | GPG Key 4A11C97A
Index: usr.bin/ssh/ssh_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
retrieving revision 1.161
diff -u -r1.161 ssh_config.5
--- usr.bin/ssh/ssh_config.5 8 Jan 2013 18:49:04 -0000 1.161
+++ usr.bin/ssh/ssh_config.5 22 Mar 2013 01:34:26 -0000
@@ -810,6 +810,22 @@
hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-sha1-96,hmac-md5-96
.Ed
+.It Cm MatchHostName
+This option matches the value of
+.Cm HostName
+against any subsequent
+.Cm Host
+entries.
+.Cm MatchHostName
+may be set at any point, but only takes effect once
+.Cm HostName
+is set.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
.It Cm NoHostAuthenticationForLocalhost
This option can be used if the home directory is shared across machines.
In this case localhost will refer to a different machine on each of
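
Review bot: The new MatchHostName entry does not say that the name given on the command line is still matched as well; the readconf.c change ORs the two tests, so a Host block is selected when either the original name or the HostName value matches its pattern, and the text should state that. It should also spell out what "subsequent" means in practice: Host blocks that appear before the HostName line are not re-evaluated, so the result depends on stanza order. A sentence on the consequence would help too, since this changes which blocks supply options such as UserKnownHostsFile, and on how a negated pattern behaves when only the HostName value matches it.
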
Index: usr.bin/ssh/readconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
retrieving revision 1.197
diff -u -r1.197 readconf.c
--- usr.bin/ssh/readconf.c 6 Mar 2013 23:36:53 -0000 1.197
+++ usr.bin/ssh/readconf.c 22 Mar 2013 01:34:26 -0000
@@ -128,7 +128,7 @@
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oControlPersist,
- oHashKnownHosts,
+ oHashKnownHosts, oMatchHostName,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
oKexAlgorithms, oIPQoS, oRequestTTY,
@@ -228,6 +228,7 @@
{ "controlmaster", oControlMaster },
{ "controlpersist", oControlPersist },
{ "hashknownhosts", oHashKnownHosts },
+ { "matchhostname", oMatchHostName },
{ "tunnel", oTunnel },
{ "tunneldevice", oTunnelDevice },
{ "localcommand", oLocalCommand },
@@ -823,7 +824,9 @@
negated = *arg == '!';
if (negated)
arg++;
- if (match_pattern(host, arg)) {
+ if (match_pattern(host, arg) ||
+ (options->match_host_name == 1 && &options->hostname != NULL &&
+ match_pattern(options->hostname, arg))) {
if (negated) {
debug("%.200s line %d: Skipping Host "
"block because of negated match "
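
Review bot: In the added condition, &options->hostname != NULL takes the address of the struct member, which is never NULL, so the guard is always true; if hostname is still unset, as the guard anticipates, match_pattern() is called with a NULL string whenever match_host_name is 1. The test should read options->hostname != NULL. Separately, the new alternative sits in front of the negated branch, so a HostName value that matches a "!pattern" entry now makes the whole Host block be skipped even when the name typed on the command line does not match it; please confirm that is intended and document it. A debug() line recording which of the two names produced the match would make the resulting option selection easier to audit.
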
@@ -970,6 +973,10 @@
intptr = &options->hash_known_hosts;
goto parse_flag;
+ case oMatchHostName:
+ intptr = &options->match_host_name;
+ goto parse_flag;
+
case oTunnel:
intptr = &options->tun_open;
arg = strdelim(&s);
@@ -1207,6 +1214,7 @@
options->control_persist = -1;
options->control_persist_timeout = 0;
options->hash_known_hosts = -1;
+ options->match_host_name = -1;
options->tun_open = -1;
options->tun_local = -1;
options->tun_remote = -1;
@@ -1345,6 +1353,8 @@
}
if (options->hash_known_hosts == -1)
options->hash_known_hosts = 0;
+ if (options->match_host_name == -1)
+ options->match_host_name = 0;
if (options->tun_open == -1)
options->tun_open = SSH_TUNMODE_NO;
if (options->tun_local == -1)
Index: usr.bin/ssh/readconf.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/readconf.h,v
retrieving revision 1.93
diff -u -r1.93 readconf.h
--- usr.bin/ssh/readconf.h 22 Feb 2013 04:45:09 -0000 1.93
+++ usr.bin/ssh/readconf.h 22 Mar 2013 01:34:26 -0000
@@ -125,6 +125,8 @@
int hash_known_hosts;
+ int match_host_name;
+
int tun_open; /* tun(4) */
int tun_local; /* force tun device (optional) */
int tun_remote; /* force tun device (optional) */
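
The resolution described in the message, as an added example (not part of the original post or of OpenSSH): a small C model of first-value-wins parsing over the first config shown above. resolve(), its match_host_name argument and the cfg table are hypothetical, fnmatch(3) stands in for ssh's match_pattern(), and each Host line is assumed to carry a single non-negated pattern.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Constructed from the first ssh_config example in the message. */
struct line { const char *key, *arg; };
static const struct line cfg[] = {
    { "Host", "zeus" }, { "HostName", "zeus.greek.gods" }, { "User", "hades" },
    { "Host", "hera" }, { "HostName", "hera.greek.gods" },
    { "Host", "*.greek.gods" }, { "User", "poseidon" },
    { "UserKnownHostsFile", "~/.ssh/known_hosts.d/athens" },
};

struct result { const char *hostname, *user, *known_hosts; };

/* Keep the first value obtained for an option, as ssh does. */
static void set_once(const char **slot, const char *val)
{
    if (*slot == NULL)
        *slot = val;
}

/* Hypothetical helper: resolve options for `host`. When match_host_name
 * is non-zero, a Host pattern also matches the HostName collected so far. */
struct result resolve(const char *host, int match_host_name)
{
    struct result r = { NULL, NULL, NULL };
    int active = 1;    /* lines before the first Host apply to every host */
    size_t i;
    for (i = 0; i < sizeof(cfg) / sizeof(cfg[0]); i++) {
        const char *k = cfg[i].key, *a = cfg[i].arg;
        if (strcmp(k, "Host") == 0)
            active = fnmatch(a, host, 0) == 0 ||
                (match_host_name && r.hostname != NULL &&
                 fnmatch(a, r.hostname, 0) == 0);
        else if (active && strcmp(k, "HostName") == 0)
            set_once(&r.hostname, a);
        else if (active && strcmp(k, "User") == 0)
            set_once(&r.user, a);
        else if (active && strcmp(k, "UserKnownHostsFile") == 0)
            set_once(&r.known_hosts, a);
    }
    return r;
}

int main(void)
{
    struct result r = resolve("zeus", 1);
    printf("%s %s %s\n", r.hostname, r.user, r.known_hosts);
}
```

With match_host_name set to 0, resolve("zeus", 0) picks up no UserKnownHostsFile from the *.greek.gods block, and resolve("hera", 0) gets neither a User nor a UserKnownHostsFile.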