upstream commit

Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".

These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.

This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.

ok markus@

Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397

1 files changed, 7 insertions, 1 deletions

diff --git a/readconf.h b/readconf.h
index a8b0b9188..cef55f71c 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.116 2016/06/03 03:14:41 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.117 2016/07/15 00:24:30 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -163,6 +163,11 @@ typedef struct {
         char   *hostbased_key_types;
         char   *pubkey_key_types;
 
+        char   *jump_user;
+        char   *jump_host;
+        int     jump_port;
+        char   *jump_extra;
+
         char    *ignored_unknown; /* Pattern list of unknown tokens to ignore */
 }       Options;
 
@@ -198,6 +203,7 @@ int	 process_config_line(Options *, struct passwd *, const char *,
 int      read_config_file(const char *, struct passwd *, const char *,
     const char *, Options *, int);
 int      parse_forward(struct Forward *, const char *, int, int);
+int      parse_jump(const char *, Options *, int);
 int      default_ssh_port(void);
 int      option_clear_or_none(const char *);
 void     dump_client_config(Options *o, const char *host);