openssh bugs - Feb 2021 - [Bug 3265] New: Canonicalized hostnames do not clear previously-set variables after reloading config.

https://bugzilla.mindrot.org/show_bug.cgi?id=3265

            Bug ID: 3265
           Summary: Canonicalized hostnames do not clear previously-set
                    variables after reloading config.
           Product: Portable OpenSSH
           Version: 8.4p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: erica at ericas.site

Overview:
 - When using CanonicalizeHostname, any configuration variables read
before the hostname canonicalization will be persisted after the
configuration is reloaded.

Steps to reproduce:

   1) Create a ~/.ssh/config file containing the following:

      CanonicalDomains bar.baz
      CanonicalizeHostname yes

      Host foo.bar.baz
           User alice

      Host *
           User bob

   2) Attempt to connect to "foo" (ssh foo)

Expected result:
 - Connection attempt to foo.bar.baz with username alice

Actual result:
 - Connection attempt to foo.bar.baz with username bob

Build date & hardware:
 - OpenSSH_8.4p1, OpenSSL 1.1.1h  22 Sep 2020 on Linux 5.9.11 x86_64

Additional builds and platforms:
 - OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5 on Windows 10 20H2
19042.804

Additional information:
 - This is most likely caused by the user variable not being cleared 
after the configuration is reloaded due to CanonicalizeHostname. Since
User is set to "bob" in the first pass due to matching Host * when the
hostname has not yet been resolved into a FQDN, User is not set to
"alice" during the second pass when the FQDN matches the Host block.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3265

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This is intentional - per ssh_config(1):

1) configuration parsing is "first match wins"
2) CanonicalizeHostname causes the config files to be re-parsed after
the names have expanded.

Fortunately, you can control which parsing pass options get applied in
via the "canonical" and "final" predicates to the Match
directive.

In particular, if you replace "Host *" with "Match canonical
all" then
your config will do what you expect.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3265

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.