Re: What's the deal on the -X vs -Y thing?

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 01/26/05

Next message: all mail refused: "Re: How to prevent or quickly fix hosed ssh tunnels"
Previous message: all mail refused: "Re: What's the deal on the -X vs -Y thing?"
In reply to: Neil W Rickert: "Re: What's the deal on the -X vs -Y thing?"
Next in thread: Neil W Rickert: "Re: What's the deal on the -X vs -Y thing?"
Reply: Neil W Rickert: "Re: What's the deal on the -X vs -Y thing?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 26 Jan 2005 01:03:40 GMT

In article <ct4c0n$umu$1@usenet.cso.niu.edu>,
Neil W Rickert <rickert+nn@cs.niu.edu> wrote:
>Host *
> ForwardAgent no
> ForwardX11 no
> ForwardX11Trusted yes
> StrictHostKeyChecking ask
>
> -----
>
>and all works fine.
>
>I first tried that with only a specific host -- the one where I
>most needed trusted X-forwarding. But that didn't work very well,
>so I made it apply to all. In practice, I only do X forwarding to
>trusted hosts anyway. My default is to forward neither X nor agent.

I suspect that was because you had a Host * entry at the top of the
config file.

The config parser is "first match" not "longest match" and processes
command line, user config, global config and defaults, in that order.

For example, if you have the following in a config file:

Host *
ForwardX11Trusted no

Host a
ForwardX11Trusted yes

when ssh'ing to host "a", the "Host *" block will set ForwardX11Trusted
and the entry in "Host a" won't override it.

The upshot is:
- if you want a global _override_, put a "Host *" block at the top
of the config file
- if you want a global _default_, put a "Host *" block at the bottom
of the config file.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Next message: all mail refused: "Re: How to prevent or quickly fix hosed ssh tunnels"
Previous message: all mail refused: "Re: What's the deal on the -X vs -Y thing?"
In reply to: Neil W Rickert: "Re: What's the deal on the -X vs -Y thing?"
Next in thread: Neil W Rickert: "Re: What's the deal on the -X vs -Y thing?"
Reply: Neil W Rickert: "Re: What's the deal on the -X vs -Y thing?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Change pipeline component properties
... Based on the type of Host you are using you can store the runtime configuration in a config file similar to any .NET projects. ...
(microsoft.public.biztalk.general)
Re: Sharing printers with cups: what is wrong?
... >> from there allow all host that you wish to have print capabilities for. ... > I've found that there are times where CIDR notation (e.g. ... perhaps when you edited a config file by hand.... ...
(Fedora)
Re: OpenSSH option to set default hostkey directory?
... CLI options, user's config file, system-wide config file. ... what's not clear to me is quite how the Host keyword sections are ... ...and I ssh to the host "alpha", then will ssh stop after matching ... not also apply wildcard rules. ...
(comp.security.ssh)
Re: Secure CRT
... you can set up your user's config file: ... which gives the login for that host. ... bash-completion rpm which nicely sets up bash's programmable ... TAB completion: ...
(RedHat)
Re: convert console app to config file?
... Host a Remote Object in Microsoft Internet Information Services ... I was told by the "remoting resource"> where I am working that all I have to do is add a config file to the> existing codebase and presto, as long as I have MarshalByRefObj, then I am> off and running. ... Or host in IIS? ...
(microsoft.public.dotnet.framework.remoting)