openssh unix dev - Feb 2021 - [openssh-commits] [openssh] 02/02: upstream: hostname is not specified by POSIX but uname -n is, so use

On Mon, Feb 8, 2021 at 3:59 PM Bob Proulx <bob at proulx.com>
wrote:
>
> Chris Green wrote:
> > Isn't it just 'hostname -f'?
> >
> >     chris$ hostname -f
> >     t470.zbmc.eu
> >     chris$ hostname
> >     t470
>
> The hostname -f option is a "new-ish" Linux specific option. 
It's not
> portable.  And because it works by doing a reverse DNS lookup it
> depends upon live network connectivity at that moment working for the
> network lookup and the results are spotty depending upon how DNS is
> set up and how many IP addresses are configured on the host.
>
> It's problematic.
>
> Bob
It looks in /etc/hosts first, which works very well when DNS is
unavailable and when the host his publishing a dynamic DNS entry.

On Tue, 9 Feb 2021 at 11:35, Nico Kadel-Garcia <nkadel at gmail.com>
wrote:
[about hostname -f]
> It looks in /etc/hosts first, which works very well when DNS is
> unavailable and when the host is publishing a dynamic DNS entry.
It *might* look in /etc/hosts first, depending on what's in
/etc/nsswitch.conf.  At least with glibc anyway, other libc
implementations might do something different again.  Anyway it's far
enough into "it depends" that it's not something I'd want to
rely on,
and as it stands it looks like we don't need to.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

On 09.02.21 01:25, Nico Kadel-Garcia wrote:
> On Mon, Feb 8, 2021 at 3:59 PM Bob Proulx <bob at proulx.com> wrote:
>> The hostname -f option is a "new-ish" Linux specific option. 
It's not
>> portable.  And because it works by doing a reverse DNS lookup it
>> depends upon live network connectivity at that moment working for the
>> network lookup and the results are spotty depending upon how DNS is
>> set up and how many IP addresses are configured on the host.
> 
> It looks in /etc/hosts first, which works very well when DNS is
> unavailable and when the host his publishing a dynamic DNS entry.
Suffice to say that I added a check to our monitoring so as to detect
machines entering production where `hostname`, not to even mention
/etc/hosts, still returns "localhost.localdomain" or even just
"localhost" instead of something unique.

Out of interest, what *purpose* is the obtained hostname being used for?
Does OpenSSH actually *need* it to be a) unique, b) reproducible, and/or
c) a proper FQDN, or does it merely enter the comment of autogenerated
host keypairs? All the KnownHosts checking AFAIR happens on the *client*
side and uses whatever name(s) of the server are known *there* ...

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20210209/da0cd690/attachment-0001.p7s>