Bug 2869

Summary: ProxyJump does not directly support clearing previous declarations
Product: Portable OpenSSH
Reporter: Chris Adams <chris>
Component: ssh
Assignee: Damien Miller <djm>
Status: CLOSED FIXED
Severity: enhancement
CC: djm, dtucker
Priority: P5
Version: 7.6p1
Hardware: All
OS: Mac OS X
Bug Depends on:
Bug Blocks: 2852

Attachments:
Description: Accept ProxyJump=none
Flags: dtucker: ok+

Description Chris Adams 2018-05-18 03:56:20 AEST
If you're using ProxyCommand a subsequent match can set "ProxyCommand none" to clear the previous setting. This is useful with wildcards:

Host bastion.example.org
    ProxyCommand none

Host *.example.org
    ProxyCommand ssh bastion.example.org -W %h:%p

ProxyJump doesn't have a documented way to accomplish the same effect. If you know that it is currently implemented internally as a shortcut to construct a ProxyCommand you can clear it:

Host bastion.example.org
    ProxyCommand none

Host *.example.org
    ProxyJump bastion.example.org


It would be friendlier if ProxyJump supported "none" (currently it just passes that value through as the hostname) for symmetry but in either case the main benefit would probably be documenting this.
Comment 1 Damien Miller 2018-05-18 10:44:08 AEST
Created attachment 3151
Accept ProxyJump=none
Comment 2 Damien Miller 2018-05-22 10:16:03 AEST
Patch is applied and will be in OpenSSH 7.8 - thanks!

commit 4b22fd8ecefd059a66140be67f352eb6145a9d88 (HEAD -> master, origin/master, origin/HEAD)
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue May 22 00:13:26 2018 +0000

    upstream: support ProxyJump=none to disable ProxyJump
    
    functionality; bz#2869 ok dtucker@
    
    OpenBSD-Commit-ID: 1c06ee08eb78451b5837fcfd8cbebc5ff3a67a01
Comment 3 Chris Adams 2018-05-23 00:34:23 AEST
Awesome, thanks for the rapid patch!
Comment 4 Damien Miller 2021-04-23 15:08:44 AEST
closing resolved bugs as of 8.6p1 release
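
The resolution behaviour discussed in this bug, as an added example that is not part of the original thread and not OpenSSH code: a simplified Python model of how the first obtained ProxyJump/ProxyCommand value wins for a host, and how "none" is treated with and without the fix. The names `parse`, `resolve_proxy` and `jump_none_supported` are assumptions made for illustration, and the model handles only plain Host blocks with wildcard patterns (no negation, Match or Include).

```python
from fnmatch import fnmatchcase

# Constructed sample: the page's example, written with the ProxyJump=none form.
FIXED = """
Host bastion.example.org
    ProxyJump none

Host *.example.org
    ProxyJump bastion.example.org
"""

def parse(text):
    """Split config text into (host_patterns, [(keyword, value), ...]) blocks."""
    blocks = [(["*"], [])]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks

def resolve_proxy(text, host, jump_none_supported=True):
    """Return ("direct", None), ("jump", hosts) or ("command", cmd) for host.

    jump_none_supported=False models a client without the fix, where the page
    says "none" is passed through as the jump hostname.
    """
    first = None
    for patterns, options in parse(text):
        if not any(fnmatchcase(host, p) for p in patterns):
            continue
        for key, value in options:
            # ProxyJump and ProxyCommand compete: the first one obtained wins.
            if first is None and key in ("proxyjump", "proxycommand"):
                first = (key, value)
    if first is None:
        return ("direct", None)
    key, value = first
    if value.lower() == "none" and (key == "proxycommand" or jump_none_supported):
        return ("direct", None)
    return ("jump" if key == "proxyjump" else "command", value)
```

Because the first value wins, the bastion's own block has to come before the wildcard block; with the order reversed, the model resolves the bastion as jumping through itself.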