search for: canonicalizehostname

raf wrote: > Warlich, Christof wrote: > > ... > > I want to be able to ssh to all internal hosts that live in the internal.sub.domain.net, > > i.e. that are only accessible through the internal.sub.domain.net jumphost without > > having to list each of these hosts somewhere, as they may frequently be added or > > removed from the internal domain and without being

https://bugzilla.mindrot.org/show_bug.cgi?id=2562 Bug ID: 2562 Summary: CanonicalizeHostname causes duplicate LocalForward attempts Product: Portable OpenSSH Version: 7.1p1 Hardware: ix86 OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unass...

...Specifies whether to fail with an error when hostname canonical- ization fails. The default, ?no?, will attempt to look up the unqualified hostname using the system resolver?s search rules. A value of ?yes? will cause ssh(1) to fail instantly if CanonicalizeHostname is enabled and the target hostname cannot be found in any of the domains specified by CanonicalDomains. but, I think in the "yes". In the source code... 1476 initialize_options(Options * options) 1477 { 1561 options->canonicalize_fallback_local = -1; 1563 } 1571 fill_...

...sections that match the *new* hostname. Arguably this behaviour might be useful, but it's a significant functional change. There is also a documentation bug here: the description of Host says that even canonicalisation will not change the behaviour of Host matching, whereas the description of CanonicalizeHostname says that it will! But even with canonicalisation on, only canonicalised hostnames should be matched, not any explicit changes specfied by HostName. More worryingly, the problem seems to affect "Match OriginalHost", which is also documented only ever to match the text that was given on...

...: Portable OpenSSH Version: 8.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: gomez404 at gmail.com When using CanonicalizeHostname, the ForwardAgent directive doesn't seem to work under Match canonical. e.g. ----- Host bastion ProxyJump none Match canonical ProxyJump bastion ForwardAgent yes Host * ForwardAgent no CanonicalizeHostname always CanonicalDomains mydomain.co.uk CanonicalizeMaxDots...

Hello, While testing recent snapshots (20131023 and 20131024) I encountered a problem with ProxyCommand. The regression tests all passed, but the use of ProxyCommand's in my ~/.ssh/config resulted in name resolution errors; even if CanonicalizeHostname was explicitly set to "no." The patch included inline below fixed the issue: Index: ssh.c =================================================================== RCS file: /cvs/openssh/ssh.c,v retrieving revision 1.386 diff -u -r1.386 ssh.c --- ssh.c 23 Oct 2013 05:31:11 -0000 1.386 +++ ssh...

https://bugzilla.mindrot.org/show_bug.cgi?id=2356 Bug ID: 2356 Summary: inheritance of options not working as documented + HostName leads to recursive reparsing isn't documented Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: normal

...rk properly. Is there a way to suppress this DNS lookup happening locally, when using ProxyCommand? Is this in the same set of things being discussed at http://marc.info/?l=openssh-unix-dev&m=139556798100796&w=2 and https://bugzilla.mindrot.org/show_bug.cgi?id=2218 ? I don't have CanonicalizeHostName on, so what's doing the lookup?

...etimes I leave the laptop at the office overnight, or hop over to the third site for an hour or two. I'd like to find a way to configure OpenSSH (or Linux in general) to try the other networks if the machine cannot be found locally. Unfortunately, DNS "search" in /etc/resolv.conf and CanonicalizeHostname in ssh_config both don't work since they only iterate the network DNS zones until a record is found, and my laptop has an entry in all three zones. Short of creating a single DNS entry and adding all possible IPs for my laptop, I am wondering if there's a way to configure OpenSSH (or Linux...

If I want to specify for LAN addresses that I don't want to deal with host keys, how do I do that? Understanding the risks, knowing almost everyone will say not to do this - it's a horrible idea, but deciding I want to do it anyway. Tired of having to remove entries from known_hosts with the multiple VM's I have that often change fingerprints, and am willing to live with the risks.

...following keys do not. bz3580 * scp(1), sftp(1): adjust ftruncate() logic to handle servers that reorder requests. Previously, if the server reordered requests then the resultant file would be erroneously truncated. * ssh(1): don't incorrectly disable hostname canonicalization when CanonicalizeHostname=yes and ProxyJump was expicitly set to "none". bz3567 * scp(1): when copying local->remote, check that the source file exists before opening an SFTP connection to the server. Based on GHPR#370 Portability ----------- * All: a number of build fixes for various platforms an...

Hi ML members, is there a reason, why ssh-keyscan does not use Host definitions from .ssh/config but does only relys on DNS host names? I have a quite long list of host names and a not that well maintained name server.

...ll maintained name server. Mostly to keep ssh-keyscan simple. ssh_config contains a lot more options than Host/Hostname that we'd need to implement if we supported it in other tools including: ProxyCommand/ProxyJump Match (further complicated by Match supporting username, but ssh-keyscan not) CanonicalizeHostname and Canonicalize* BindInterface/BindAddress There are other options too, and implementing them all would be quite a bit of work. I'd suggest writing a script or alias using `ssh -G` to resolve the hostname and plumb it to ssh-keyscan. E.g. mykeyscan() { for x in "$@" ; do ssh-ke...

...Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: pcl at pclewis.com Created attachment 2482 --> https://bugzilla.mindrot.org/attachment.cgi?id=2482&action=edit Patch to make ssh_connect_direct use port parameter. To reproduce: -- # ~/.ssh/config CanonicalizeHostname yes CanonicalDomains mynet.local Host *.mynet.local Port 99 -- $ ssh -vvv somedomain ... debug1: Canonicalized hostname "somedomain" => "somedomain.mynet.local" debug1: Hostname has changed; re-reading configuration debug1: Reading configuration data /home/user/.ssh/config d...

...led it. I am using a single word hostname. > > > > Is there any way for me to specify the private IP space I'm using, so I > can > > use single word hostnames in the command line, without having to list > each > > of them in ssh_config? > > > > Setting CanonicalizeHostname it looks like just uses the CanoncialDomains > > suffixes and CanonicalizePermittedCNAMEs rules, which I don't think I can > > set up to canonicalize to IP address. > > > > I realize I could make the options I want globally set, but I wanted > them to > > be def...

...closed when configured with a text key revocation list that contains a too-short key. bz#2897 * ssh(1): treat connections with ProxyJump specified the same as ones with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't try to canonicalise the hostname unless CanonicalizeHostname is set to 'always'). bz#2896 * ssh(1): fix regression in OpenSSH 7.8 that could prevent public- key authentication using certificates hosted in a ssh-agent(1) or against sshd(8) from OpenSSH <7.8. Portability ----------- * All: support building against the openssl-1.1 API (rel...

https://bugzilla.mindrot.org/show_bug.cgi?id=3544 Bug ID: 3544 Summary: Support CIDR notation for host pattern matching Product: Portable OpenSSH Version: 9.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2538 Bug ID: 2538 Summary: openssh v7 config parse regression Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

...following keys do not. bz3580 * scp(1), sftp(1): adjust ftruncate() logic to handle servers that reorder requests. Previously, if the server reordered requests then the resultant file would be erroneously truncated. * ssh(1): don't incorrectly disable hostname canonicalization when CanonicalizeHostname=yes and ProxyJump was expicitly set to "none". bz3567 * scp(1): when copying local->remote, check that the source file exists before opening an SFTP connection to the server. Based on GHPR#370 Portability ----------- * All: a number of build fixes for various platforms an...

...TTY is active. * ssh(1): switch mainloop from poll(3) to ppoll(3) and mask signals before checking flags set in signal handler. Avoids potential race condition between signaling ssh to exit and polling. bz3531 * ssh(1): when connecting to a destination with both the AddressFamily and CanonicalizeHostname directives in use, the AddressFamily directive could be ignored. bz5326 * sftp(1): correct handling of the limits at openssh.com option when the server returned an unexpected message. * A number of fixes to the PuTTY and Dropbear regress/integration tests. * ssh(1): release GSS OIDs...