matching single-part label in ssh_config ?

matching single-part label in ssh_config ?

Adam Thompson
Reading the ssh_config manpage, I don't see a way to do this...

I want to match single-part labels, e.g. "servername" without matching
everything "servername.somewhere.else".
(I do rely on my local resolver's search functionality.)

So far, the best I can come up with is "*,!*.*" which doesn't seem to work.

Is there a way to do this?


FYI, I'm trying to set a less-secure cipher for machines on my local
network, which I customarily address using non-qualified hostnames.  
I've just remembered that I can easily double my file transfer speed and
reduce CPU load (both important in my case) by switching to "arcfour".

So far, the only workaround is to specify the FQDN or IP address, both
of which are less than ideal.

--
-Adam Thompson
  [hidden email]

Re: matching single-part label in ssh_config ?

Darren Tucker
On Sat, Nov 02, 2013 at 02:36:01PM -0500, Adam Thompson wrote:
> Reading the ssh_config manpage, I don't see a way to do this...
>
> I want to match single-part labels, e.g. "servername" without
> matching everything "servername.somewhere.else".
> (I do rely on my local resolver's search functionality.)
>
> So far, the best I can come up with is "*,!*.*" which doesn't seem to work.
> Is there a way to do this?

The parser is first-match, so you can do something like this:

Host *.*
        Ciphers aes128-ctr,aes192-ctr,aes256-ctr,...

Host *
        Ciphers arcfour256,arcfour128,...

which will use the first for any hostname containing a dot, and the
second for anything without.

Also: it's not in 5.4 but it is in current: check out the Match keyword
for a more flexible method.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
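
The first-match behaviour described in the reply above, as an added example that is not part of the original post or of OpenSSH: a small Python model of how ssh_config(5) picks a value, useful for checking that the weaker cipher list only ever applies to undotted names. The function names are hypothetical, and the model covers only Host lines with "*", "?" and "!" patterns, not Match or Include.

```python
import re

# The two blocks from the reply above, copied as posted (the cipher lists are
# truncated with "..." in the original and are treated as opaque strings).
CONFIG = """\
Host *.*
        Ciphers aes128-ctr,aes192-ctr,aes256-ctr,...

Host *
        Ciphers arcfour256,arcfour128,...
"""

def pattern_matches(pattern, host):
    """ssh_config wildcards: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host) is not None

def host_line_matches(patterns, host):
    """Patterns on a Host line are whitespace-separated; a matching '!pattern'
    rejects the block even if another pattern on the line matches."""
    matched = False
    for p in patterns:
        if p.startswith("!"):
            if pattern_matches(p[1:], host):
                return False
        elif pattern_matches(p, host):
            matched = True
    return matched

def effective_options(config_text, host):
    """Return {keyword: value}, keeping the first value obtained per keyword."""
    result, active = {}, True  # options before any Host line apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            active = host_line_matches(value.split(), host)
        elif active:
            result.setdefault(keyword, value)  # later values never override
    return result

def uses_weak_cipher(host, config_text=CONFIG):
    """True when the name as typed ends up with an arcfour cipher list."""
    return "arcfour" in effective_options(config_text, host).get("ciphers", "")
```

The name is matched as typed on the command line, so an IP address contains dots and gets the first block, while swapping the two blocks would hand the arcfour list to every host.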

Re: matching single-part label in ssh_config ?

Lars Noodén
On Sun, 3 Nov 2013, Darren Tucker wrote:
[snip]
> Also: it's not in 5.4 but it is in current: check out the Match keyword
> for a more flexible method.

Cool.  Were there any particular use cases in mind with 'exec' ?

Regards,
/Lars

Re: matching single-part label in ssh_config ?

Darren Tucker
On Sun, Nov 03, 2013 at 01:00:28PM +0200, Lars Nooden wrote:
> On Sun, 3 Nov 2013, Darren Tucker wrote:
> [snip]
> > Also: it's not in 5.4 but it is in current: check out the Match keyword
> > for a more flexible method.
>
> Cool.  Were there any particular use cases in mind with 'exec' ?

ProxyCommand is the one that springs immediately to mind (i.e. picking the
right proxy for the network you're currently on) but I haven't actually
tried it yet.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.