Feedback regarding the ssh(1) Match directive
Iain Morgan
imorgan at nas.nasa.gov
Wed Oct 23 11:08:47 EST 2013
On Sun, Oct 20, 2013 at 17:14:53 +1100, Damien Miller wrote:
> On Thu, 17 Oct 2013, Iain Morgan wrote:
>
> > Hi,
> >
> > I noticed the recent commit adding Match support to ssh(1). I look
> > forward to giving it a try, but I have some initial feedback based on
> > ssh_config.5 and an examiniation of match_cfg_line().
> >
> > First, the "command" keyword could be a little deceptive. Although the
> > man page makes the use of this keyword quite clear, my initial
> > assumption was that the intent was to match against the remote command
> > that is being requested. That would seem to be a more natural
> > interpretation of this keyword. Instead it is an arbitrary local test.
> > Perhaps "localtest" would be a better choice for the keyword.
>
> Maybe rename it to "exec"?
>
That works for me.
After doing a little experimentation, I've found one small bug:
percent_expand() needs to be applied to options->hostname to handle the
case where an earlier block used HostName with %h. We currently do that
expansion in ssh.c, but it looks like we also need to do it in
match_cfg_lien() or find some more appropriate spot so that we only have
to do it once.
--
Iain Morgan
More information about the openssh-unix-dev
mailing list