openssh bugs - Sep 2019 - [Bug 3073] New: Cannot override hostname inside Match after hostname canonicalization

https://bugzilla.mindrot.org/show_bug.cgi?id=3073

            Bug ID: 3073
           Summary: Cannot override hostname inside Match after hostname
                    canonicalization
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: andrebreda at tecnico.ulisboa.pt

Created attachment 3330
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3330&action=edit
ssh_config

(I marked it as a bug instead of an enhancement because I found nothing
in the man page that suggested I couldn't do this. It also probably
applies to all hardware and OSes)

Where I work, we tend to only access our stuff from our own
workstation, as an additional layer of security. Also, I don't want to
type a full FQDN everytime I want to use ssh.

In order to connect to work machines I usually ssh-ed into my
workstation, then to the machine that I wanted.
Eventually I got tired of the repetition, wanted to automate it and
came up with the attached configuration.

However, the HostName option is not applied and it tries to connect to
the canonicalized hostname (checked with -v flag).
If I replace "Match final ..." with "Host *" it works
because
canonicalization no longer occurs (checked with -v flag).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3073

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
   Attachment #3330|application/octet-stream    |text/plain
          mime type|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3073

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Right - this won't work. OpenSSH's configuration is first-match-wins
for most options (including Hostname), i.e. each option may only be set
once and subsequent attempts to modify it are ignored.

Hostname canonicalisation counts as setting Hostname as far as the
configuration is concerned. There's no practical way to avoid this I'm
afraid. I suggest you find some other way to express what you're trying
to do.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3073

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Closing all resolved bug with release of openssh-8.2

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.