cyjake
commented
2 years ago whoa, didn't know there were usage of Match like that before. What does exec "return 0" mean, can you help pinning some documentation about this?
Closed eleanorjboyd closed 1 year ago
cyjake
commented
2 years ago whoa, didn't know there were usage of Match like that before. What does exec "return 0" mean, can you help pinning some documentation about this?
eleanorjboyd
commented
2 years ago Hello @cyjake, thank you for your quick response! So the match command allows for the user to specify that ssh only connects to that host if the match condition is met. For example
Match exec "return 0" Host localhost
Match exec "return 1" Host testHost2
Here are some additional examples and use cases in the following issue: https://github.com/microsoft/vscode-remote-release/issues/37
Finally documentation from the [man page](page https://www.freebsd.org/cgi/man.cgi?sshd_config(5)) lists the Match statement as
Introduces a conditional block. If all of the criteria on the Match line are satisfied, the keywords on the following lines override those set in the global section of the config file, un- til either another Match line or the end of the file. If a key- word appears in multiple Match blocks that are satisfied, only the first instance of the keyword is applied.
The arguments to Match are one or more criteria-pattern pairs or the single token All which matches all criteria. The available criteria are User, Group, Host, LocalAddress, LocalPort, RDomain, and Address (with RDomain representing the rdomain(4) on which the connection was received).
The match patterns may consist of single entries or comma-sepa- rated lists and may use the wildcard and negation operators de- scribed in the PATTERNS section of ssh_config(5).
The patterns in an Address criteria may additionally contain ad- dresses to match in CIDR address/masklen format, such as 192.0.2.0/24 or 2001:db8::/32. Note that the mask length pro- vided must be consistent with the address - it is an error to specify a mask length that is too long for the address or one with bits set in this host portion of the address. For example, 192.0.2.0/33 and 192.0.2.0/8, respectively.
cyjake
commented
2 years ago got it, will dig into criteria parsing today. for the parsed result, does following format suffice the job?
{ param: 'Match', value: 'exec "return 1" Host testHost2', criteria: { exec: 'return 1', host: 'testHost2' } }after further digging on https://man.openbsd.org/ssh_config.5#Match the Host in Match exec "return 1" Host testHost2 has different meaning to a direct Host, the former one is a criteria of Match, the latter one declares a new section.
To fully solve the original issue, Match criteria can be parsed into a object at the parse phase, and the available hosts to be shown when running Remote SSH: Connect to Host... still needs further work. How is the list generated currently?
anyway, I think parsing criteria into an object show suffice the parse work, I'll try implementing this.
eleanorjboyd
commented
2 years ago yes, good catch on the different meaning based on the location of the host in comparison to the match statement. Yes that plan sounds great- let me know if you need any help and feel free to tag me as a reviewer on any PRs!
cyjake
commented
1 year ago v4.2.0 released
To my understanding, the current parsing behavior does not have a different parsed object type for match config statements. This means that it is unable to separate a host name in a ssh config line that begins with match ex:
Match exec "return 0" Host localhost. This is a feature request to add this parsing functionality. Thanks!