Page MenuHomePhabricator

Support multi-criteria Match like Match host `hostname` exec `statement`
Closed, ResolvedPublic

Description

ssh_configs like the following are not supported yet:

Match host hostname exec "return-0-if-outside-company"
  Hostname cryptic.company.lan.name
	
Match host hostname
  Hostname cryptic.company.lan.name
  ProxyJump contact.example.com

With libssh 0.9.0 (Arch Linux repository, used inside sshping), this configuration throws:

ssh_config_parse_line:  line 1: Unsupported Match keyword 'exec', ignoring

and, indeed, the corresponding entry is ignored.

Might be related to T152; at least, no multi-criteria Match at all seem to be tested in 4fc37bb6fed9.

Event Timeline

akobel triaged this task as Wishlist priority.Aug 12 2019, 10:52 PM
akobel created this task.
Jakuje added a subscriber: Jakuje.Aug 20 2019, 5:48 PM

I think the multi-criteria matches are generally supported, but I agree that they are not tested and that should be fixed.

Your example is not matched, because the exec is ignored and therefore is never matched.

The exec keyword is not supported though and I would like to implement it some time.

Jakuje claimed this task.Sep 16 2019, 6:11 PM

I implemented the match exec. Can you try if it works for you as expected in your use case? There are several commits adjusting the tests and as well as I had to implement new token parsing function, but my basic tests looked good. This code also does not work on windows since I am not Windows developer, but if interested, I believe there will be somebody who could implement that.

The code is highly inspired by the OpenSSH implementation so it should work very similarly

https://gitlab.com/jjelen/libssh-mirror/commits/master

Hi Jakub,

thanks for your effort. I'll have a look as soon as possible, but probably will need a couple of days. FYI, I did not use openssh as a library directly or inside my own application, but as a dependency of SSHping; the previously missing match exec meant that SSHping called other hosts than the ones openssh connects to. But I will try to compile with the git master and let you know the results.

Hi Jakub,

confirmed working over here on Arch Linux, used inside sshping. Note that I only tried with "simple" exec matches like the one stated in my initial report, no >=3-criteria matches (beyond host + exec, which already gives 2).

Thanks a lot!