> For systems where the local hostname is obtained as a short name without
> domain, there should be an ssh_config option "DefaultDomain" as in ssh-3.x
> from ssh.com.
Below is a patch which implements this. Unlike ssh-3.x, it does not abort
if the host name is not an FQDN, since within the local net there is no need
for this. By making the config entry conditional on target names with dots,
a short "chost" name can be used within the local net and the FQDN otherwise:
Host *.*
DefaultDomain my.local.net
Host *
# no DefaultDomain
> For the server, there might be a corresponding option in order to strip
> the domain name from the remote client name (if it matches the server's
> DefaultDomain) for use in auth_rhost2, since netgroups usually contain
> short names in this case.
If the resolvedname in auth2.c is short, this is not necessary, provided that
either the client uses a short chost (with the trailing dot stripped in
auth2.c, see thread "openssh-2.9.p2, auth2.c") or
HostbasedUsesNameFromPacketOnly is *not* used in the server.
Patch (the line numbers are for 2.9.9p2):
*** readconf.c.ORI Thu Sep 20 02:57:56 2001
--- readconf.c Mon Oct 1 15:17:47 2001
***************
*** 116,121 ****
--- 116,122 ----
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings
+ ,oDefaultDomain
} OpCodes;
/* Textual representations of the tokens. */
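Review bot: The new enumerator is written as `,oDefaultDomain` on a line of its own with a leading comma, which differs from every other entry visible in the list. Ending the previous line with `oClearAllForwardings,` and placing `oDefaultDomain` on the following line keeps the list uniform. The enum begins outside this hunk.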
***************
*** 186,191 ****
--- 187,193 ----
{ "bindaddress", oBindAddress },
{ "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings },
+ { "defaultdomain", oDefaultDomain },
{ NULL, 0 }
};
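Review bot: The keyword `defaultdomain` becomes user-visible with this table entry, but the patch as posted carries no manual-page text for it. The documentation should state that the value is appended to the local host name only when that name contains no dot, that it affects only the client host name sent for hostbased authentication, and that, unlike ssh-3.x, a short name without a configured domain is not an error. The table begins outside this hunk.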
***************
*** 488,493 ****
--- 490,499 ----
charptr = &options->smartcard_device;
goto parse_string;
+ case oDefaultDomain:
+ charptr = &options->default_domain;
+ goto parse_string;
+
case oProxyCommand:
charptr = &options->proxy_command;
string = xstrdup("");
***************
*** 793,798 ****
--- 799,805 ----
options->preferred_authentications = NULL;
options->bind_address = NULL;
options->smartcard_device = NULL;
+ options->default_domain = NULL;
}
/*
*** readconf.h.ORI Thu Sep 20 02:57:56 2001
--- readconf.h Mon Oct 1 15:18:28 2001
***************
*** 101,106 ****
--- 101,107 ----
int num_remote_forwards;
Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
int clear_forwardings;
+ char *default_domain;
} Options;
*** sshconnect2.c.ORI Wed Sep 12 20:29:01 2001
--- sshconnect2.c Mon Oct 1 15:37:02 2001
***************
*** 842,850 ****
--- 842,859 ----
return 0;
}
len = strlen(p) + 2;
+ i = 0;
+ if (!strchr(p, '.') && options.default_domain) {
+ i = 1;
+ len += strlen(options.default_domain) + 1;
+ }
chost = xmalloc(len);
strlcpy(chost, p, len);
strlcat(chost, ".", len);
+ if(i > 0) {
+ strlcat(chost, options.default_domain, len);
+ strlcat(chost, ".", len);
+ }
debug2("userauth_hostbased: chost %s", chost);
/* check for a useful key */
for (i = 0; i < authctxt->nkeys; i++) {
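Review bot: `options.default_domain` is appended to `chost` exactly as it was read from the configuration, so an empty value, or one written with a leading or trailing dot, yields a name such as `host..` or `host..my.local.net.`. Because `chost` is the client host name asserted in the hostbased request, the server would presumably fail to match it, and the client sees nothing beyond the `debug2` line. Reject such values where the option is parsed, or at least guard here with `if (!strchr(p, '.') && options.default_domain && *options.default_domain != '\0')`. The length arithmetic itself is correct (name, dot, domain, dot, NUL). Reusing the loop counter `i` as the "domain appended" flag is easy to misread next to the `for (i = 0; ...)` that follows, so a separate local such as `int add_domain = 0;` would be clearer; the enclosing function begins and ends outside this hunk.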