bugzilla-daemon at mindrot.org
2021-Jul-28 12:38 UTC
[Bug 3334] New: document `none` keyword for ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3334
Bug ID: 3334
Summary: document `none` keyword for ProxyJump
Product: Portable OpenSSH
Version: 8.6p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.net
Hey.
I think ssh_config?s ProxyJump should also mention the apparently
working `none` keyword (just like ProxyCommand).
This is needed to do things like:
Host login.example.org
ProxyJump none
Host *.example.org
ProxyJump login.example.org
to not end up in an endless loop.
Cheers,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Aug-06 05:08 UTC
[Bug 3334] document `none` keyword for ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3334
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
Status|NEW |RESOLVED
Resolution|--- |FIXED
Blocks| |3302
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Christoph Anton Mitterer from comment #0)> I think ssh_config?s ProxyJump should also mention the apparently
> working `none` keyword (just like ProxyCommand).
Yep, it's handled in parse_jump(). Added to man page.
> to not end up in an endless loop.
ssh will now detect trivial loops for you:
$ cat tmp
Host *.example.org
ProxyJump login.example.org
$ ./ssh -F tmp login.example.org
jumphost loop via login.example.org
You can still construct non-trivial ones though.
Thanks for the report.
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Aug-06 16:53 UTC
[Bug 3334] document `none` keyword for ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3334 --- Comment #2 from Christoph Anton Mitterer <calestyo at scientia.net> ---> Host *.example.org > ProxyJump login.example.org > > to not end up in an endless loop.That should then also be documented,... plus more concrete what's actually happening like: If one *just* have:> Host *.example.org > ProxyJump login.example.org=> it's clear... no recursion but what when one has:> Host login.example.org > SomeOtherStuff > Host *.example.org > ProxyJump login.example.orgIn that case, would SomeOtherStuff still be loaded? Or similarly if login.example.org had another ProxyJump to another host? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Aug-06 20:31 UTC
[Bug 3334] document `none` keyword for ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3334 --- Comment #3 from Darren Tucker <dtucker at dtucker.net> --- (In reply to Christoph Anton Mitterer from comment #2) [...]> but what when one has: > > > Host login.example.org > > SomeOtherStuff > > Host *.example.org > > ProxyJump login.example.org > > In that case, would SomeOtherStuff still be loaded?Yes. The parser is first-match for each keyword. From ssh_config(5): For each parameter, the first obtained value will be used. The configuration files contain sections separated by Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. The matched host name is usually the one given on the command line (see the CanonicalizeHostname option for exceptions). Since the first obtained value for each parameter is used, more host- specific declarations should be given near the beginning of the file, and general defaults at the end.> Or similarly if login.example.org had another ProxyJump to another > host?Then it'll get used. It'll only report a jumphost loop if the host, port and user are all end up all identical. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Feb-25 02:57 UTC
[Bug 3334] document `none` keyword for ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3334
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
closing bugs resolved before openssh-8.9
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.