From: djm@openbsd.org Date: Sat, 15 Feb 2025 01:50:47 +0000 (+0000) Subject: upstream: Add support for "Match sessiontype" to ssh_config. Allows X-Git-Tag: V_10_0_P1~77 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=192a20df00c8a56fe7d92ffa23d959c865d7fb9e;p=thirdparty%2Fopenssh-portable.git upstream: Add support for "Match sessiontype" to ssh_config. Allows matching on the type of session requested, either "shell" for interactive sessions, "exec" for command execution sessions, "subsystem" for subsystem requests, such as sftp, or "none" for transport/forwarding-only sessions. ok markus@ OpenBSD-Commit-ID: eff5c001aecb2283d36639cfb28c0935a8bfd468 --- diff --git a/readconf.c b/readconf.c index 72392d01a..10adaaaa8 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.395 2025/02/15 01:48:30 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.396 2025/02/15 01:50:47 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -856,6 +856,19 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, match_pattern_list(criteria, arg, 0) == 1; if (r == (negate ? 1 : 0)) this_result = result = 0; + } else if (strcasecmp(attrib, "sessiontype") == 0) { + if (options->session_type == SESSION_TYPE_SUBSYSTEM) + criteria = xstrdup("subsystem"); + else if (options->session_type == SESSION_TYPE_NONE) + criteria = xstrdup("none"); + else if (remote_command != NULL && + *remote_command != '\0') + criteria = xstrdup("exec"); + else + criteria = xstrdup("shell"); + r = match_pattern_list(criteria, arg, 0) == 1; + if (r == (negate ? 1 : 0)) + this_result = result = 0; } else if (strcasecmp(attrib, "exec") == 0) { if ((cmd = expand_match_exec_or_include_path(arg, options, pw, host_arg, original_host, diff --git a/ssh_config.5 b/ssh_config.5 index 857cabbe8..6fff9c74a 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.408 2025/02/15 01:48:30 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.409 2025/02/15 01:50:47 djm Exp $ .Dd $Mdocdate: February 15 2025 $ .Dt SSH_CONFIG 5 .Os @@ -255,6 +255,24 @@ keyword matches against the name of the local user running (this keyword may be useful in system-wide .Nm files). +.Pp +Finally, the +.Cm sessiontype +keyword matches the requested session type, which may be one of +.Cm shell +for interactive sessions, +.Cm exec +for command execution sessions, +.Cm subsystem +for subsystem invocations such as +.Xr sftp 1 , +or +.Cm none +for transport-only sessions, such as when +.Xr ssh 1 +is started with the +.Fl N +flag. .It Cm AddKeysToAgent Specifies whether keys should be automatically added to a running .Xr ssh-agent 1 .