Config to have "ssh too-old-host" error out (with chosen message, and sans actual connection attempt)?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Hello, I applied major updates to the workplace machines, the effect being that ssh/scp/sftp now refuse to connect to a couple legacy hosts. I'll be pinpointing workarounds to access those, but once these are in place, I'd like to change .ssh/config so that when muscle memory does a "ssh too-old-host" again, I get output to the effect of "use the 'foo bar baz' command instead" (and ideally, OpenSSH itself does not even *attempt* to connect).
LocalCommand doesn't execute (because ssh never gets post auth), and ProxyCommand seems to be unable, too (because its output apparently gets swallowed *entirely* by ssh). 

Is there an .ssh/config trick to that effect that I don't see?
If not, may I suggest a config option "Refuse [optional message]" as a new feature?
(I'm *not* asking for a way to "*execute* something entirely different *instead* of ssh" because of several reasons - one being that it'd allow configs to get silently "backdoored" so as to connect target hosts by less-secure-than-policy-says methods.) 

Thanks in advance,
--
Jochen Bern
Systemingenieur

Binect GmbH

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux