[Bug 2685] Case sensitive hostname matching

bugzilla-daemon at bugzilla.mindrot.org
Mon Mar 6 23:47:43 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2685

--- Comment #3 from Richard Birkett <openssh at richard.birkett.com> ---
(In reply to Petr Cerny [:hrosik] from comment #2)
> (In reply to Richard Birkett from comment #1)
> > Historically, matching in ssh_config was always case-sensitive. 
> > This stopped happening sometime in 2013/2014, which I guess is why
> > the commits you mention were considered to be a bug-fix, not a new
> > feature.
> 
> If I remember correctly, the Match Host was actually introduced as
> case insensitive at first.

Match was first introduced in 2013, which was around the same time as
Host (briefly) became case-insensitive.  It looks as though e9fc72e
introduced the case-insensitive matching: it was committed on the same
day as the introduction of the Match keyword into portable OpenSSH
(194fd90), though the comment suggests it might have previously been in
the upstream OpenBSD version for a while before that.  So when Match
was introduced, that was the current behaviour - but the behaviour was
later reported and acknowledged as a regression.

> That is why the proposed patch leaves _originalhost_ alone, so that
> it can be used for this purpose. One more hint that it should be
> case-insensitive is the comment preceding match_hostname().

That's interesting - the comment "which must be in all lowercase" dates
back to 2001, but wasn't true until 2013 (and then hasn't been true
again since 2014)!

For least surprise, I think "Host" should always behave exactly like
"Match originalhost", including case (in)sensitivity.

CanonicalizeHostname (and the double-parsing it triggers) makes it
behave more like "Match host", and also has the consequence that
HostName could affect Host (and "Match host") directives that appear
*before* it in the config file.  I think both of those changes are
unintuitive generally, but they are mentioned in the documentation, and
at least they were supposed to apply only if canonicalisation was on. 
Commit 13f97b2 made them happen even when canonicalisation is off (bug
2267).  I'm still hoping to come up with a better solution for all of
this, btw!

> > Maybe the best of both worlds (though not entirely
> > backward-compatible) would be for matching of the Host keyword to be
> > case-insensitive, but add an optional modifier on the Match keyword
> > so that people who specifically want case-sensitive matching can
> > have it, eg.
> > 
> >     Match caseful originalhost WeIrDlAbEl
> 
> Or making this a global option (e.g. MatchHostCaseSensitive) - would
> be less flexible, yet much simpler and "more" backwards compatible.

I think we should go with flexibility, but we could have a
"MatchHostCaseSensitive" option *as well*, which effectively makes
"caseful" the default.  For symmetry, perhaps have a "caseless"
modifier to allow it to be overridden both ways around.

I'm torn about whether caseful or caseless should be the default. 
Historically it has been, but the number of people who actually rely on
caseful matching is probably very small, so I'd tentatively support a
change to make the common usage less surprising - provided there's a
way of overriding it.

More information about the openssh-bugs mailing list
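
Added example (not part of the bug comment and not OpenSSH's own code): a simplified Python model of Host pattern matching that lists the Host blocks whose applicability to a typed hostname differs between caseful and caseless matching, which is how a block carrying settings such as StrictHostKeyChecking can silently stop applying. The sample config, the function names, and the restriction to plain Host lines with '*', '?' and '!' patterns are assumptions of this sketch.

```python
import re

# Constructed sample configuration, not taken from the bug report.
SAMPLE_CONFIG = """\
Host Bastion-* !Bastion-test
    ProxyJump gateway.example.org
Host *.example.org
    StrictHostKeyChecking yes
Host *
    ForwardAgent no
"""

def glob_to_regex(pattern, caseless):
    # ssh_config patterns use only '*' and '?' as wildcards.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.IGNORECASE if caseless else 0)

def host_line_matches(patterns, host, caseless):
    # A negated pattern that matches vetoes the whole line; otherwise at
    # least one positive pattern has to match.
    positive = False
    for pat in patterns:
        negated = pat.startswith("!")
        glob = pat[1:] if negated else pat
        if glob_to_regex(glob, caseless).fullmatch(host):
            if negated:
                return False
            positive = True
    return positive

def host_blocks(config_text):
    # Yield the pattern list of every "Host" line. Match, Include and
    # quoting are outside this simplified model (assumption).
    for line in config_text.splitlines():
        words = line.split()
        if words and words[0].lower() == "host":
            yield words[1:]

def case_dependent_blocks(config_text, typed_host):
    # Blocks that apply under exactly one of the two matching rules.
    return [" ".join(p) for p in host_blocks(config_text)
            if host_line_matches(p, typed_host, False)
            != host_line_matches(p, typed_host, True)]

if __name__ == "__main__":
    for name in ("bastion-prod", "Bastion-prod", "DB1.Example.ORG"):
        print(name, "->", case_dependent_blocks(SAMPLE_CONFIG, name))
```

An empty list means the typed name selects the same blocks under both rules; any block listed is one to review, either by lowercasing its patterns or by checking how the installed ssh version treats case.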