From d027cc4db3c84e0333b1b3136484b412a2f86a67 Mon Sep 17 00:00:00 2001 From: Till Höppner Date: Mon, 15 May 2017 14:33:13 +0200 Subject: Fix ssh/mosh completions to honor ~/.ssh/config during listing --- functions/_ssh | 700 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 700 insertions(+) create mode 100644 functions/_ssh (limited to 'functions/_ssh') diff --git a/functions/_ssh b/functions/_ssh new file mode 100644 index 0000000..a7babe9 --- /dev/null +++ b/functions/_ssh @@ -0,0 +1,700 @@ +#compdef ssh slogin=ssh scp ssh-add ssh-agent ssh-keygen sftp ssh-copy-id + +# TODO: sshd, ssh-keyscan, ssh-keysign + +_ssh () { + local curcontext="$curcontext" state line expl suf ret=1 + local args common tmp p1 file cmn cmds sdesc + typeset -A opt_args + + common=( + '(-2)-1[forces ssh to try protocol version 1 only]' + '(-1)-2[forces ssh to try protocol version 2 only]' + '(-6)-4[forces ssh to use IPv4 addresses only]' + '(-4)-6[forces ssh to use IPv6 addresses only]' + '-C[compress data]' + # for protocol version 2, this can be a comma-separated list + '-c+[select encryption cipher]:encryption cipher:(idea des 3des blowfish arcfour tss none)' + '-F+[specify alternate config file]:config file:_files' + '*-i+[select identity file]:SSH identity file:_files -g "*(-.^AR)"' + '*-o+[specify extra options]:option string:->option' + ) + common_transfer=( + '-l[limit used bandwidth]:bandwidth in KiB/s:' + '-P+[specify port on remote host]:port number on remote host' + '-p[preserve modification times, access times and modes]' + '-q[disable progress meter and warnings]' + '-r[recursively copy directories (follows symbolic links)]' + '-S+[specify ssh program]:path to ssh:_command_names -e' \ + '-v[verbose mode]' + ) + + case "$service" in + ssh) + _arguments -C -s \ + '(-a)-A[enables forwarding of the authentication agent connection]' \ + '(-A)-a[disable forwarding of authentication agent connection]' \ + '(-P)-b+[specify interface to transmit on]:bind address:_bind_addresses' \ + '-D+[specify a dynamic port forwarding]:dynamic port forwarding:->dynforward' \ + '-e+[set escape character]:escape character (or `none'\''):' \ + '-E[append log output to file instead of stderr]:_files' \ + '(-n)-f[go to background]' \ + '-g[allow remote hosts to connect to local forwarded ports]' \ + '-G[output configuration and exit]' \ + '-I+[specify smartcard device]:device:_files' \ + '-J+[connect via a jump host]: :->userhost' \ + '-K[enable GSSAPI-based authentication and forwarding]' \ + '-k[disable forwarding of GSSAPI credentials]' \ + '*-L[specify local port forwarding]:local port forwarding:->forward' \ + '-l+[specify login name]:login name:_ssh_users' \ + '-M[master mode for connection sharing]' \ + '(-1)-m+[specify mac algorithms]:mac spec:->macs' \ + '(-1)-N[do not execute a remote command (protocol version 2 only)]' \ + '-n[redirect stdin from /dev/null]' \ + '-O:multiplex control command:((check\:"check master process is running" exit\:"request the master to exit" forward\:"request forward without command execution" stop\:"request the master to stop accepting further multiplexing requests" cancel\:"cancel existing forwardings with -L and/or -R"))' \ + '-P[use non privileged port]' \ + '-p+[specify port on remote host]:port number on remote host' \ + '(-v)*-q[quiet operation]' \ + '*-R[specify remote port forwarding]:remote port forwarding:->forward' \ + '-S+[specify location of control socket for connection sharing]:path to control socket:_files' \ + '-Q[query parameters]:parameter type:((cipher\:"supported symmetric ciphers" cipher-auth\:"supported symmetric ciphers that support authenticated encryption" mac\:"supported message integrity codes" kex\:"key exchange algorithms" key\:"key types" protocol-version\:"supported SSH protocol versions"))' \ + '(-1)-s[invoke subsystem]' \ + '(-1 -t)-T[disable pseudo-tty allocation (protocol version 2 only)]' \ + '(-T)-t[force pseudo-tty allocation]' \ + '-V[show version number]' \ + '(-q)*-v[verbose mode (multiple increase verbosity, up to 3)]' \ + '-W[forward standard input and output to host]:stdinout forward:->hostport' \ + '-w[request tunnel device forwarding]:local_tun[\:remote_tun] (integer or "any"):' \ + '(-x -Y)-X[enable (untrusted) X11 forwarding]' \ + '(-X -Y)-x[disable X11 forwarding]' \ + '(-x -X)-Y[enable trusted X11 forwarding]' \ + '-y[send log info via syslog instead of stderr]' \ + ':remote host name:->userhost' \ + '*::args:->command' "$common[@]" && ret=0 + ;; + scp) + _arguments -C -s \ + '-3[copy through local host, not directly between the remote hosts]' \ + '-B[batch mode (don'\''t ask for passphrases)]' \ + '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0 + ;; + ssh-add) + _arguments -s \ + '-c[identity is subject to confirmation via SSH_ASKPASS]' \ + '-D[delete all identities]' \ + '-d[remove identity]' \ + '-E[specify hash algorithm for fingerprints]:algorithm:(md5 sha256)' \ + '-e[remove keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \ + '-k[load plain private keys only and skip certificates]' \ + '-L[lists public key parameters of all identities in the agent]'\ + '-l[list all identities]' \ + '-s[add keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \ + '-t[set maximum lifetime for identity]:maximum lifetime (in seconds or time format):' \ + '-X[unlock the agent]' \ + '-x[lock the agent with a password]' \ + '*:SSH identity file:_files' + return + ;; + ssh-agent) + _arguments -s \ + '(-k)-a[UNIX-domain socket to bind agent to]:UNIX-domain socket:_files' \ + '(-k -s)-c[force csh-style shell]' \ + '(-k)-d[debug mode]' \ + '-k[kill current agent]' \ + '(-k -c)-s[force sh-style shell]' \ + '-t[set default maximum lifetime for identities]:maximum lifetime (in seconds or time format):' \ + '*::command: _normal' + return + ;; + ssh-keygen) + # options can be in any order but use ! to limit those shown for the first argument + (( CURRENT == 2 )) && p1='!' + args=( '!-z:number' ) + sdesc='certify keys with CA key' + (( $+words[(r)-s] )) && args=( '-z[specify serial number]:serial number' ) + (( $+words[(r)-[ku]] )) && args=( '-z[specify version number]:version number' ) && + sdesc='specify CA public key file' + file=key + (( $+words[(r)-[HR]] )) && file=known_hosts + (( $+words[(r)-T] )) && file=input + if (( $+words[(r)-[kQ]] )); then + file=krl + args+=( '*:file:_files' ) + fi + cmds=( -p -i -e -y -c -l -B -D -H -R -r -G -T -s -L -A -k -Q ) # basic commands + cmn=( -b -P -N -C -m -v ) # options common to many basic commands (except -f which is common to most) + cms=( -E -q -t -g -M -S -a -J -j -K -W -I -h -n -O -V -u ) # options specific to one basic command + _arguments -s $args \ + "(${${(@)cmds:#-G}} -P -m ${${(@)cms:#-[MS]}})-b[specify number of bits in key]:bits in key" \ + "$p1(${${(@)cmds:#-[pc]}} -b -C $cms)-P[provide old passphrase]:old passphrase" \ + "(${${(@)cmds:#-p}} -m -v ${${(@)cms:#-[qt]}})-N[provide new passphrase]:new passphrase" \ + "(${${(@)cmds:#-c}} -m -v $cms)-C[provide new comment]:new comment" \ + "(-D -G -M -S -I -h -n -O -V -A)-f[$file file]:$file file:_files" \ + "$p1(${${(@)cmds:#-[ie]}})-m[specify conversion format]:format:(PEM PKCS7 RFC4716)" \ + "(${${(@)cmds:#-[lGT]}} ${${(@)cmn:#-[bv]}} -f)*-v[verbose mode]" \ + - '(commands)' \ + "(-b -P -C -v)-p[change passphrase of private key file]" \ + '(-b -P -N -C -v)-i[import key to OpenSSH format]' \ + '(-b -P -N -C -v)-e[export key to SECSH file format]' \ + "($cmn)-y[get public key from private key]" \ + '(-b -N -m -v)-c[change comment in private and public key files]' \ + "($cmn)-B[show the bubblebabble digest of key]" \ + "(-)-D[download key stored in smartcard reader]:reader" \ + "($cmn)-H[hash names in known_hosts file]" \ + "($cmn)-R[remove host from known_hosts file]:host:_ssh_hosts" \ + "($cmn)-L[print the contents of a certificate]" \ + "(-)-A[generate host keys for all key types]" \ + "($cmn)-Q[test whether keys have been revoked in a KRL]" \ + - finger \ + "($cmn)-l[show fingerprint of key file]" \ + "$p1($cmn)-E[specify hash algorithm for displayed fingerprints]:hash algorithim:(md5 sha256)" \ + - create \ + '(-P -m)-q[silence ssh-keygen]' \ + "(-P -m)-t[specify the type of the key to create]:key type:(rsa1 rsa dsa ecdsa ed25519)" \ + - dns \ + "($cmn)-r[print DNS resource record]:hostname:_hosts" \ + "$p1($cmn)-g[use generic DNS format]" \ + - primes \ + "(-P -N -C -m -f)-G[generate candidates for DH-GEX moduli]" \ + "$p1(-P -N -C -m -f)-M[specify amount of memory to use for generating DH-GEX moduli]:memory (MB)" \ + "$p1(-P -N -C -m -f)-S[specify start point]:start point (hex)" \ + - screen \ + "(${${(@)cmn:#-v}})-T[screen candidates for DH-GEX moduli]:output file:_files" \ + "${p1}(${${(@)cmn:#-v}})-a[specify number of rounds]:rounds" \ + "${p1}(${${(@)cmn:#-v}})-J[exit after screening specified number of lines]" \ + "${p1}(${${(@)cmn:#-v}})-j[start screening at the specified line number]:line number" \ + "${p1}(${${(@)cmn:#-v}})-K[write the last line processed to file]:file:_files" \ + "${p1}(${${(@)cmn:#-v}})-W[specify desired generator]:generator" \ + - certify \ + "($cmn)-s[$sdesc]:CA key:_files" \ + "$p1($cmn -f -u)-I[specify key identifier to include in certificate]:key id" \ + "$p1($cmn -f -u)-h[generate host certificate instead of a user certificate]" \ + "$p1($cmn -f -u)-n[specify user/host principal names to include in certificate]:principals" \ + "$p1($cmn -f -u)-O[specify a certificate option]:option" \ + "$p1($cmn -f -u)-V[specify certificate validity interval]:interval" \ + "($cmn -I -h -n -O -V)-k[generate a KRL file]" \ + "$p1($cmn -I -h -n -O -V)-u[update a KRL]" + return + ;; + sftp) + _arguments -C -s \ + '-a[attempt to continue interrupted transfers]' \ + '-B+[specify buffer size]:buffer size (bytes) [32768]' \ + '-b+[specify batch file to read]:batch file:_files' \ + '-D[connect directly to a local sftp server]:sftp server path' \ + '-f[request that files be flushed immediately after transfer]' \ + '-R[specify number of outstanding requests]:number of requests [64]' \ + '-s[SSH2 subsystem or path to sftp server on the remote host]' \ + '1:file:->rfile' '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0 + ;; + (ssh-copy-id) + _arguments \ + '-i:SSH identity file:_files' \ + ':remote host name:->userhost' \ + ;; + esac + + while [[ -n "$state" ]]; do + lstate="$state" + state='' + + case "$lstate" in + option) + if compset -P 1 '*='; then + case "${IPREFIX#-o}" in + (#i)(ciphers|macs|kexalgorithms|hostkeyalgorithms|pubkeyacceptedkeytypes|hostbasedkeytypes)=) + if ! compset -P +; then + _wanted append expl 'append to default' compadd + && ret=0 + fi + ;; + esac + case "${IPREFIX#-o}" in + (#i)(afstokenpassing|batchmode|canonicalizefallbacklocal|challengeresponseauthentication|checkhostip|clearallforwardings|compression|enablesshkeysign|exitonforwardfailure|fallbacktorsh|forward(agent|x11)|forwardx11trusted|gatewayports|gssapiauthentication|gssapidelegatecredentials|gssapitrustdns|hashknownhosts|hostbasedauthentication|identitiesonly|kbdinteractiveauthentication|(tcp|)keepalive|nohostauthenticationforlocalhost|passwordauthentication|permitlocalcommand|proxyusefdpass|pubkeyauthentication|rhosts(|rsa)authentication|rsaauthentication|streamlocalbindunlink|usersh|kerberos(authentication|tgtpassing)|useprivilegedport|visualhostkey)=*) + _wanted values expl 'truth value' compadd yes no && ret=0 + ;; + (#i)addressfamily=*) + _wanted values expl 'address family' compadd any inet inet6 && ret=0 + ;; + (#i)bindaddress=*) + _wanted bind-addresses expl 'bind address' _bind_addresses && ret=0 + ;; + (#i)canonicaldomains=*) + _message -e 'canonical domains (space separated)' && ret=0 + ;; + (#i)canonicalizehostname=*) + _wanted values expl 'truthish value' compadd yes no always && ret=0 + ;; + (#i)canonicalizemaxdots=*) + _message -e 'number of dots' && ret=0 + ;; + (#i)canonicalizepermittedcnames=*) + _message -e 'CNAME rule list (source_domain_list:target_domain_list, each pattern list comma separated)' && ret=0 + ;; + (#i)ciphers=*) + _values -s , 'encryption cipher' \ + '3des-cbc' \ + 'aes128-cbc' \ + 'aes192-cbc' \ + 'aes256-cbc' \ + 'aes128-ctr' \ + 'aes192-ctr' \ + 'aes256-ctr' \ + 'arcfour128' \ + 'arcfour256' \ + 'arcfour' \ + 'blowfish-cbc' \ + 'cast128-cbc' \ + \ + 'rijndael128-cbc' \ + 'rijndael192-cbc' \ + 'rijndael256-cbc' \ + 'rijndael-cbc@lysator.liu.se' \ + && ret=0 + ;; + (#i)cipher=*) + _wanted values expl 'encryption cipher (protocol version 1)' \ + compadd blowfish 3des des idea arcfour tss none && ret=0 + ;; + (#i)compressionlevel=*) + _values 'compression level' {1..9} && ret=0 + ;; + (#i)connectionattempts=*) + _message -e 'connection attempts' && ret=0 + ;; + (#i)connecttimeout=*) + _message -e 'connection timeout' && ret=0 + ;; + (#i)controlmaster=*) + _wanted values expl 'truthish value' compadd yes no auto autoask && ret=0 + ;; + (#i)controlpath=*) + _description files expl 'path to control socket' + _files "$expl[@]" && ret=0 + ;; + (#i)controlpersist=*) + _message -e 'timeout' + ret=0 + _wanted values expl 'truth value' compadd yes no && ret=0 + ;; + (#i)escapechar=*) + _message -e 'escape character (or `none'\'')' + ret=0 + ;; + (#i)fingerprinthash=*) + _values 'fingerprint hash algorithm' \ + md5 ripemd160 sha1 sha256 sha384 sha512 && ret=0 + ;; + (#i)forwardx11timeout=*) + _message -e 'timeout' + ret=0 + ;; + (#i)globalknownhostsfile=*) + _description files expl 'global file with known hosts' + _files "$expl[@]" && ret=0 + ;; + (#i)hostname=*) + _wanted hosts expl 'real host name to log into' _ssh_hosts && ret=0 + ;; + (#i)(hostbasedkeytypes|hostkeyalgorithms|pubkeyacceptedkeytypes)=*) + _values -s , 'key types' \ + 'ecdsa-sha2-nistp256-cert-v01@openssh.com' \ + 'ecdsa-sha2-nistp384-cert-v01@openssh.com' \ + 'ecdsa-sha2-nistp521-cert-v01@openssh.com' \ + 'ssh-ed25519-cert-v01@openssh.com' \ + 'ssh-rsa-cert-v01@openssh.com' \ + 'ssh-dss-cert-v01@openssh.com' \ + 'ssh-rsa-cert-v00@openssh.com' \ + 'ssh-dss-cert-v00@openssh.com' \ + 'ecdsa-sha2-nistp256' \ + 'ecdsa-sha2-nistp384' \ + 'ecdsa-sha2-nistp521' \ + 'ssh-ed25519' \ + 'ssh-rsa' \ + 'ssh-dss' && ret=0 + ;; + (#i)identityfile=*) + _description files expl 'SSH identity file' + _files "$expl[@]" && ret=0 + ;; + (#i)ignoreunknown=*) + _message -e 'pattern list' && ret=0 + ;; + (#i)ipqos=*) + local descr + if [[ $PREFIX = *\ *\ * ]]; then return 1; fi + if compset -P '* '; then + descr='QoS for non-interactive sessions' + else + descr='QoS [for interactive sessions if second value given, separated by white space]' + fi + _values $descr 'af11' 'af12' 'af13' 'af14' 'af22' \ + 'af23' 'af31' 'af32' 'af33' 'af41' 'af42' 'af43' \ + 'cs0' 'cs1' 'cs2' 'cs3' 'cs4' 'cs5' 'cs6' 'cs7' 'ef' \ + 'lowdelay' 'throughput' 'reliability' && ret=0 + ;; + (#i)(local|remote)forward=*) + state=forward + ;; + (#i)dynamicforward=*) + state=dynforward + ;; + (#i)kbdinteractivedevices=*) + _values -s , 'keyboard-interactive authentication methods' \ + 'bsdauth' 'pam' 'skey' && ret=0 + ;; + (#i)kexalgorithms=*) + _values -s , 'KEX algorithms' \ + ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \ + diffie-hellman-group-exchange-sha256 \ + diffie-hellman-group-exchange-sha1 \ + diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 && ret=0 + ;; + (#i)localcommand=*) + _description commands expl 'run command locally after connecting' + _command_names && ret=0 + ;; + (#i)loglevel=*) + _values 'log level' QUIET FATAL ERROR INFO VERBOSE\ + DEBUG DEBUG1 DEBUG2 DEBUG3 && ret=0 + ;; + (#i)macs=*) + state=macs + ;; + (#i)numberofpasswordprompts=*) + _message -e 'number of password prompts' + ret=0 + ;; + (#i)pkcs11provider=*) + _description files expl 'PKCS#11 shared library' + _files -g '*.(so|dylib)(|.<->)(-.)' "$expl[@]" && ret=0 + ;; + (#i)port=*) + _message -e 'port number on remote host' + ret=0 + ;; + (#i)preferredauthentications=*) + _values -s , 'authentication method' gssapi-with-mic \ + hostbased publickey keyboard-interactive password && ret=0 + ;; + (#i)protocol=*) + _values -s , 'protocol version' \ + '1' \ + '2' && ret=0 + ;; + (#i)proxycommand=*) + _cmdstring && ret=0 + ;; + (#i)rekeylimit=*) + _message -e 'maximum number of bytes transmitted before renegotiating session key' + ret=0 + ;; + (#i)requesttty=*) + _values 'request a pseudo-tty' \ + 'no[never request a TTY]' \ + 'yes[always request a TTY when stdin is a TTY]' \ + 'force[always request a TTY]' \ + 'auto[request a TTY when opening a login session]' && ret=0 + ;; + (#i)revokedhostkeys=*) + _description files expl 'revoked host keys file' + _files "$expl[@]" && ret=0 + ;; + (#i)sendenv=*) + _wanted envs expl 'environment variable' _parameters -g 'scalar*export*' && ret=0 + ;; + (#i)serveralivecountmax=*) + _message -e 'number of alive messages without replies before disconnecting' + ret=0 + ;; + (#i)serveraliveinterval=*) + _message -e 'timeout in seconds since last data was received to send alive message' + ret=0 + ;; + (#i)streamlocalbindmask=*) + _message -e 'octal mask' && ret=0 + ;; + (#i)(stricthostkeychecking|verifyhostkeydns|updatehostkeys)=*) + _wanted values expl 'truthish value' compadd yes no ask && ret=0 + ;; + (#i)transport=*) + _values 'transport protocol' TCP SCTP && ret=0 + ;; + (#i)tunnel=*) + _values 'request device forwarding' \ + 'yes' \ + 'point-to-point' \ + 'ethernet' \ + 'no' && ret=0 + ;; + (#i)tunneldevice=*) + _message -e 'local_tun[:remote_tun] (integer or "any")' + ret=0 + ;; + (#i)userknownhostsfile=*) + _description files expl 'user file with known hosts' + _files "$expl[@]" && ret=0 + ;; + (#i)user=*) + _wanted users expl 'user to log in as' _ssh_users && ret=0 + ;; + (#i)xauthlocation=*) + _description files expl 'xauth program' + _files "$expl[@]" -g '*(-*)' && ret=0 + ;; + esac + else + # old options are after the empty "\"-line + _wanted values expl 'configure file option' \ + compadd -M 'm:{a-z}={A-Z}' -q -S '=' - \ + AddKeysToAgent \ + AddressFamily \ + BatchMode \ + BindAddress \ + CanonicalDomains \ + CanonicalizeFallbackLocal \ + CanonicalizeHostname \ + CanonicalizeMaxDots \ + CanonicalizePermittedCNAMEs \ + CertificateFile \ + ChallengeResponseAuthentication \ + CheckHostIP \ + Cipher \ + Ciphers \ + ClearAllForwardings \ + Compression \ + CompressionLevel \ + ConnectionAttempts \ + ConnectTimeout \ + ControlMaster \ + ControlPath \ + ControlPersist \ + DynamicForward \ + EnableSSHKeysign \ + EscapeChar \ + ExitOnForwardFailure \ + FingerprintHash \ + ForwardAgent \ + ForwardX11 \ + ForwardX11Timeout \ + ForwardX11Trusted \ + GatewayPorts \ + GlobalKnownHostsFile \ + GSSAPIAuthentication \ + GSSAPIDelegateCredentials \ + GSSAPITrustDns \ + HashKnownHosts \ + Host \ + HostbasedAuthentication \ + HostbasedKeyTypes \ + HostKeyAlgorithms \ + HostKeyAlias \ + HostName \ + IdentitiesOnly \ + IdentityAgent \ + IdentityFile \ + IgnoreUnknown \ + IPQoS \ + KbdInteractiveAuthentication \ + KbdInteractiveDevices \ + KexAlgorithms \ + LocalCommand \ + LocalForward \ + LogLevel \ + MACs \ + NoHostAuthenticationForLocalhost \ + NumberOfPasswordPrompts \ + PasswordAuthentication \ + PermitLocalCommand \ + PKCS11Provider \ + Port \ + PreferredAuthentications \ + Protocol \ + ProxyCommand \ + ProxyJump \ + ProxyUseFdpass \ + PubkeyAcceptedKeyTypes \ + PubkeyAuthentication \ + RekeyLimit \ + RemoteForward \ + RequestTTY \ + RevokedHostKeys \ + RhostsRSAAuthentication \ + RSAAuthentication \ + SendEnv \ + ServerAliveCountMax \ + ServerAliveInterval \ + StreamLocalBindMask \ + StreamLocalBindUnlink \ + StrictHostKeyChecking \ + TCPKeepAlive \ + Transport \ + Tunnel \ + TunnelDevice \ + UpdateHostKeys \ + UsePrivilegedPort \ + User \ + UserKnownHostsFile \ + VerifyHostKeyDNS \ + VisualHostKey \ + XAuthLocation \ + \ + AFSTokenPassing \ + FallBackToRsh \ + KeepAlive \ + KerberosAuthentication \ + KerberosTgtPassing \ + PreferredAuthentications \ + ProtocolKeepAlives \ + RhostsAuthentication \ + SetupTimeOut \ + SmartcardDevice \ + UseRsh \ + && ret=0 + fi + ;; + forward) + local port=false host=false listen=false bind=false + if compset -P 1 '*:'; then + if [[ $IPREFIX != (*=|)<-65535>: ]]; then + if compset -P 1 '*:'; then + if compset -P '*:'; then + port=true + else + host=true + fi + else + listen=true + ret=0 + fi + else + if compset -P '*:'; then + port=true + else + host=true + fi + fi + else + listen=true + bind=true + fi + $port && { _message -e port-numbers 'port number'; ret=0 } + $listen && { _message -e port-numbers 'listen-port number'; ret=0 } + $host && { _wanted hosts expl host _ssh_hosts -S: && ret=0 } + $bind && { _wanted bind-addresses expl bind-address _bind_addresses -S: && ret=0 } + return ret + ;; + dynforward) + _message -e port-numbers 'listen-port number' + if ! compset -P '*:'; then + _wanted bind-addresses expl bind-address _bind_addresses -qS: + fi + return 0 + ;; + hostport) + if compset -P '*:'; then + _message -e port-numbers 'port number' + ret=0 + else + _wanted hosts expl host _ssh_hosts -S: && ret=0 + fi + return ret + ;; + macs) + _values -s , 'MAC algorithms' hmac-md5 hmac-sha1 umac-64@openssh.com \ + hmac-ripemd160 hmac-sha1-96 hmac-md5-96 hmac-sha2-256 \ + hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96 && ret=0 + ;; + command) + local -a _comp_priv_prefix + shift 1 words + (( CURRENT-- )) + _normal + return + ;; + userhost) + if compset -P '*@'; then + _wanted hosts expl 'remote host name' _ssh_hosts && ret=0 + elif compset -S '@*'; then + _wanted users expl 'login name' _ssh_users -S '' && ret=0 + else + if (( $+opt_args[-l] )); then + tmp=() + else + tmp=( 'users:login name:_ssh_users -qS@' ) + fi + _alternative \ + 'hosts:remote host name:_ssh_hosts' \ + "$tmp[@]" && ret=0 + fi + ;; + file) + if compset -P 1 '[^./][^/]#:'; then + _remote_files -- ssh ${(kv)~opt_args[(I)-[FP1246]]/-P/-p} && ret=0 + elif compset -P 1 '*@'; then + suf=( -S '' ) + compset -S ':*' || suf=( -r: -S: ) + _wanted hosts expl 'remote host name' _ssh_hosts $suf && ret=0 + else + _alternative \ + 'files:: _files' \ + 'hosts:remote host name:_ssh_hosts -r: -S:' \ + 'users:user:_ssh_users -qS@' && ret=0 + fi + ;; + rfile) + if compset -P 1 '*:'; then + _remote_files -- ssh && ret=0 + elif compset -P 1 '*@'; then + _wanted hosts expl host _ssh_hosts -r: -S: && ret=0 + else + _alternative \ + 'hosts:remote host name:_ssh_hosts -r: -S:' \ + 'users:user:_ssh_users -qS@' && ret=0 + fi + ;; + esac + done + + return ret +} + +_ssh_users () { + _combination -s '[:@]' my-accounts users-hosts users "$@" +} + +_ssh_hosts () { + local -a config_hosts + local config + integer ind + + if [[ "$IPREFIX" == *@ ]]; then + _combination -s '[:@]' my-accounts users-hosts "users=${IPREFIX/@}" hosts "$@" + else + _combination -s '[:@]' my-accounts users-hosts \ + ${opt_args[-l]:+"users=${opt_args[-l]:q}"} hosts "$@" + fi + if (( ind = ${words[(I)-F]} )); then + config=${~words[ind+1]} 2>/dev/null + else + config="$HOME/.ssh/config" + fi + if [[ -r $config ]]; then + local key hosts host + while IFS=$'=\t ' read -r key hosts; do + if [[ "$key" == (#i)host ]]; then + for host in ${(z)hosts}; do + case $host in + (*[*?]*) ;; + (*) config_hosts+=("$host") ;; + esac + done + fi + done < "$config" + if (( ${#config_hosts} )); then + _wanted hosts expl 'remote host name' \ + compadd -M 'm:{a-zA-Z}={A-Za-z} r:|.=* r:|=*' "$@" $config_hosts + fi + fi +} + +_ssh "$@" -- cgit v1.2.3