bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-03  18:16 UTC
[Bug 2538] New: openssh v7 config parse regression
https://bugzilla.mindrot.org/show_bug.cgi?id=2538
            Bug ID: 2538
           Summary: openssh v7 config parse regression
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: petrus.lt+openssh at gmail.com
Since 7.0, maybe a bit earlier, this config stopped working: 
42 Host foo*
43   HostName %h.bar.com
45 Host *.bar.com
46   ProxyCommand ssh -A anotherhost.otherdomain.com ncat $(echo %h | awk -F. '{print $(NF-2)}') %p 2> /dev/null
Here is what's expected:
$ ssh -vv foo
OpenSSH_6.6.1p1, OpenSSL 1.0.1p-freebsd 9 Jul 2015
debug1: Reading configuration data /home/petrus/.ssh/config
debug1: /home/petrus/.ssh/config line 42: Applying options for foo*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/petrus/.ssh/config
debug1: /home/petrus/.ssh/config line 42: Applying options for foo*
debug1: /home/petrus/.ssh/config line 45: Applying options for *.bar.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Executing proxy command: exec ssh -A anotherhost.otherdomain.com ncat $(echo foo.bar.com | awk -F. '{print $(NF-2)}') 22 2> /dev/null
debug1: identity file /home/petrus/.ssh/id_rsa type 1
debug1: permanently_drop_suid: 1001
debug1: identity file /home/petrus/.ssh/id_rsa-cert type -1
debug1: identity file /home/petrus/.ssh/id_dsa type -1
debug1: identity file /home/petrus/.ssh/id_dsa-cert type -1
debug1: identity file /home/petrus/.ssh/id_ecdsa type -1
debug1: identity file /home/petrus/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/petrus/.ssh/id_ed25519 type -1
debug1: identity file /home/petrus/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH_3.* compat 0x01000000
<everything works>
We can see that the two Host statements from the config file were applied,
whereas with 7.x this is no longer true:
Linux:
$ ssh -vv foo
OpenSSH_7.1p2, OpenSSL 1.0.2e 3 Dec 2015
debug1: Reading configuration data /home/petrus/.ssh/config
debug1: /home/petrus/.ssh/config line 42: Applying options for foo*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to foo.bar.com [192.0.2.12] port 22.
^C
OpenBSD 5.8:
$ ssh -vv foo
OpenSSH_7.0, LibreSSL 2.2.2
debug1: Reading configuration data /home/petrus/.ssh/config
debug1: /home/petrus/.ssh/config line 42: Applying options for foo*
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to foo.bar.com [192.0.2.12] port 22.
^C
foo.bar.com is not directly reachable from the ssh client, but with 7.x
the second Host statement from the config file is ignored. A tcpdump
confirms that the client tries to connect to foo.bar.com directly.
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-03  18:44 UTC
[Bug 2538] openssh v7 config parse regression
https://bugzilla.mindrot.org/show_bug.cgi?id=2538
Pierre Emeriaud <petrus.lt+openssh at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |petrus.lt+openssh at gmail.com
bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-03  23:39 UTC
[Bug 2538] openssh v7 config parse regression
https://bugzilla.mindrot.org/show_bug.cgi?id=2538
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
That behaviour (re-parsing configuration files when Hostname directives
changed the target host) was a regression that was fixed in OpenSSH
6.8. 
If you want to get that behaviour back and use the re-written hostname,
then set CanonicaliseHostname=yes
bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-04  09:14 UTC
[Bug 2538] openssh v7 config parse regression
https://bugzilla.mindrot.org/show_bug.cgi?id=2538
Pierre Emeriaud <petrus.lt+openssh at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #2 from Pierre Emeriaud <petrus.lt+openssh at gmail.com> ---
Thanks Damien, with "CanonicalizeHostname always" this works as 6.6
did.
Sorry for the noise and keep on hacking.
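A simplified model of the behaviour discussed in this thread, added here as an example; it is not part of the original messages and is not OpenSSH's code. It shows why a single pass over the file never reaches the `Host *.bar.com` stanza for `ssh foo`, while a second pass on the rewritten name does. The function names, the shortened ProxyCommand and the use of Python's `fnmatch` (which only approximates ssh_config patterns) are assumptions.

```python
import fnmatch

# Constructed copy of the reporter's two stanzas; the ProxyCommand is
# shortened for readability, the jump host name is the one in the report.
CONFIG = """\
Host foo*
  HostName %h.bar.com
Host *.bar.com
  ProxyCommand ssh -A anotherhost.otherdomain.com ncat %h %p
"""

def parse(text):
    """Return [(patterns, [(keyword, value), ...]), ...] in file order."""
    stanzas = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            stanzas.append((value.split(), []))
        elif stanzas:
            stanzas[-1][1].append((key.lower(), value.strip()))
    return stanzas

def apply_pass(stanzas, host, opts):
    """One pass over the file: the first value obtained for a keyword wins."""
    for patterns, settings in stanzas:
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            for key, value in settings:
                opts.setdefault(key, value)

def resolve(text, host, reparse):
    """Model of option resolution. reparse=True stands for the second pass
    that, per the thread, CanonicalizeHostname brings back."""
    stanzas, opts = parse(text), {}
    apply_pass(stanzas, host, opts)
    # HostName rewrites the target; %h is the name given on the command line.
    target = opts.get("hostname", host).replace("%h", host)
    opts["hostname"] = target
    if reparse:
        apply_pass(stanzas, target, opts)  # stanzas matching the new name
    if "proxycommand" in opts:
        opts["proxycommand"] = opts["proxycommand"].replace("%h", target)
    return opts

if __name__ == "__main__":
    for reparse in (False, True):
        print("second pass:", reparse, resolve(CONFIG, "foo", reparse))
```

On a real client, `ssh -G foo` prints the effective options, so the presence of `proxycommand` can be checked before connecting.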