RFE: EndMatch

Darren Tucker dtucker at zip.com.au
Sat Sep 15 17:04:38 EST 2012


On Fri, Sep 14, 2012 at 11:18:05AM +0200, Biltong wrote:
> On Fri, Sep 14, 2012, at 01:46 AM, Darren Tucker wrote:
> > On Thu, Sep 13, 2012 at 04:56:19PM +0200, Biltong wrote:
> > > Currently a Match block can only be ended by another Match block or an
> > > end of file.
> > > 
> > > I'd like to suggest adding the keyword "EndMatch" to mark the end of a
> > > Match block.
> > 
> > Rather than adding a new keyword, it would probably be doable by
> > extending Match to understand "Match all", which should have the
> > semantics you want.  You could end up with some configs that were pretty
> > hard to understand, though.
> 
> So would this mean the default config would become part of a Match all
> block

Not exactly.  The config is parsed in 2 stages: non-match and match.
Anything set in a Match block overrides anything set in the non-match
block.

Assuming no earlier Match rule matched it, anything you put in a "Match
User *" block will behave almost the same as if it had been part of the
config before Match, with the exception that if the same directive is
specified once before Match and once in "Match User *" the latter will
take precedence.

> and that Match blocks become nestable?

Match blocks will probably never be nestable.  It'd make them less like
the ssh(1) Host keywords they were modelled on, probably require some
invasive changes to implement and make the configs harder to understand.

Anyway, you can do what I was suggesting with "Match User *" right now,
so I don't think "Match all" is warranted.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
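
A simplified Python model of the precedence described in the message above, added here as an illustration (it is not OpenSSH code and not part of the original post). The sample config and the `parse` and `effective` helpers are constructed for this example; only `Match User` with wildcard patterns is modelled, and every keyword is assumed to be single-valued.

```python
import fnmatch

# Constructed sample config for this example (not from the original message).
SAMPLE_CONFIG = """\
PasswordAuthentication yes
X11Forwarding no

Match User backup
    PasswordAuthentication no
    ForceCommand /usr/local/bin/backup-only

Match User *
    X11Forwarding yes
    PasswordAuthentication yes
    AllowTcpForwarding no
"""

def parse(text):
    """Return (global settings, ordered list of (user patterns, settings))."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            crit = value.split(None, 1)
            if len(crit) != 2 or crit[0].lower() != "user":
                raise ValueError("this model only handles 'Match User <patterns>'")
            current = {}  # a Match line ends the previous block; no nesting
            blocks.append((crit[1].split(","), current))
        else:
            target = global_opts if current is None else current
            target.setdefault(key, value)  # first value in a section is kept
    return global_opts, blocks

def effective(text, user):
    """Stage 1: global section. Stage 2: matching blocks override it."""
    global_opts, blocks = parse(text)
    matched = {}
    for patterns, opts in blocks:
        if any(fnmatch.fnmatchcase(user, p) for p in patterns):
            for k, v in opts.items():
                matched.setdefault(k, v)  # an earlier Match block wins
    return {**global_opts, **matched}
```

For user `backup`, the catch-all block's `PasswordAuthentication yes` does not undo the earlier block's `no`; for any other user, the catch-all overrides the global `X11Forwarding no`. On a real server, `sshd -T -C user=NAME,host=HOST,addr=ADDR` prints the effective settings for a given connection.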


More information about the openssh-unix-dev mailing list