From 05b69e99570553c8e1eafb895b1fbf1d098d2e14 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 18 Oct 2017 02:49:44 +0000 Subject: upstream commit In the description of pattern-lists, clarify negated matches by explicitly stating that a negated match will never yield a positive result, and that at least one positive term in the pattern-list must match. bz#1918 Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14 --- ssh_config.5 | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index eae427607..01acd4286 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.257 2017/10/05 12:56:50 jmc Exp $ -.Dd $Mdocdate: October 5 2017 $ +.\" $OpenBSD: ssh_config.5,v 1.258 2017/10/18 02:49:44 djm Exp $ +.Dd $Mdocdate: October 18 2017 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1674,6 +1674,19 @@ pool, the following entry (in authorized_keys) could be used: .Pp .Dl from=\&"!*.dialup.example.com,*.example.com\&" +.Pp +Note that a negated match will never produce a positive result by itself. +For example, attempting to match +.Qq host3 +against the following pattern-list will fail: +.Pp +.Dl from=\&"!host1,!host2\&" +.Pp +The solution here is to include a term that will yield a positive match, +such as a wildcard: +.Pp +.Dl from=\&"!host1,!host2,*\&" +.Pp .Sh TOKENS Arguments to some keywords can make use of tokens, which are expanded at runtime: -- cgit v1.2.3