ssh: Handle "ProxyJump none" from SSH config file
Since OpenSSH 7.8, the ProxyJump directive accepts the value "none"[1] to override and clear a setting that might otherwise be contributed by another (wildcard) host entry. [1] https://bugzilla.mindrot.org/show_bug.cgi?id=2869 Change-Id: Ia35e82c6f8c58d5c6b8040cda7a07b220f43fc21 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
This commit is contained in:
parent
180bc67e28
commit
057f1d9123
|
@ -354,6 +354,21 @@ public void testJumpHost() throws Exception {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testJumpHostNone() throws Exception {
|
||||
// Should not try to go through the non-existing proxy
|
||||
cloneWith("ssh://server/doesntmatter", defaultCloneDir, null, //
|
||||
"Host server", //
|
||||
"HostName localhost", //
|
||||
"Port " + testPort, //
|
||||
"User " + TEST_USER, //
|
||||
"IdentityFile " + privateKey1.getAbsolutePath(), //
|
||||
"ProxyJump none", //
|
||||
"", //
|
||||
"Host *", //
|
||||
"ProxyJump " + TEST_USER + "@localhost:1234");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testJumpHostWrongKeyAtProxy() throws Exception {
|
||||
// Test that we find the proxy server's URI in the exception message
|
||||
|
|
|
@ -219,7 +219,8 @@ private List<URIish> determineHops(List<URIish> currentHops,
|
|||
HostConfigEntry hostConfig, String host) throws IOException {
|
||||
if (currentHops.isEmpty()) {
|
||||
String jumpHosts = hostConfig.getProperty(SshConstants.PROXY_JUMP);
|
||||
if (!StringUtils.isEmptyOrNull(jumpHosts)) {
|
||||
if (!StringUtils.isEmptyOrNull(jumpHosts)
|
||||
&& !SshConstants.NONE.equals(jumpHosts)) {
|
||||
try {
|
||||
return parseProxyJump(jumpHosts);
|
||||
} catch (URISyntaxException e) {
|
||||
|
|
|
@ -191,6 +191,26 @@ private SshConstants() {
|
|||
/** Flag value. */
|
||||
public static final String FALSE = "false";
|
||||
|
||||
/**
|
||||
* Property value. Some keys accept a special 'none' value to override and
|
||||
* clear a setting otherwise contributed by another host entry, for instance
|
||||
* {@link #PROXY_COMMAND} or {@link #PROXY_JUMP}. Example:
|
||||
*
|
||||
* <pre>
|
||||
* Host bastion.example.org
|
||||
* ProxyJump none
|
||||
*
|
||||
* Host *.example.org
|
||||
* ProxyJump bastion.example.org
|
||||
* </pre>
|
||||
* <p>
|
||||
* OpenSSH supports this since OpenSSH 7.8.
|
||||
* </p>
|
||||
*
|
||||
* @since 6.0
|
||||
*/
|
||||
public static final String NONE = "none";
|
||||
|
||||
// Default identity file names
|
||||
|
||||
/** Name of the default RSA private identity file. */
|
||||
|
@ -202,7 +222,7 @@ private SshConstants() {
|
|||
/** Name of the default ECDSA private identity file. */
|
||||
public static final String ID_ECDSA = "id_ecdsa";
|
||||
|
||||
/** Name of the default ECDSA private identity file. */
|
||||
/** Name of the default ED25519 private identity file. */
|
||||
public static final String ID_ED25519 = "id_ed25519";
|
||||
|
||||
/** All known default identity file names. */
|
||||
|
|
Loading…
Reference in New Issue