[Bug 2774] New: Add a InheritConfig option for host stanzas
bugzilla-daemon at bugzilla.mindrot.org
Thu Sep 7 08:46:58 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2774
Bug ID: 2774
Summary: Add a InheritConfig option for host stanzas
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: imoverclocked at gmail.com
Today, ssh_config allows a user to bring in different configuration
snippets and selectively override settings per Host configuration
sections. Sometimes, a user will have several different sources of
configuration suggestions which, when poorly suggested, can lead to
unwanted behavior.
Example Suggestion 1:
Place the following snippet in your ~/.ssh/config file:
---
Host *.foo.example.com
ForwardAgent no
---
Example (poor) Suggestion 2:
Place the following snippet at the top of your ~/.ssh/config file:
---
ForwardAgent yes
---
Now the user has unwittingly fixed one problem by breaking a previously
good security decision for a class of nodes.
It would be nice if Suggestion 1 could be re-written to ensure that
*.foo.example.com will never have ForwardAgent yes:
---
Host *.foo.example.com
InheritConfig no
ForwardAgent no
---
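The override described in the report follows from ssh_config using the first value obtained for each option, so a global line placed at the top beats a later Host block. The following Python is an added example, not part of the original bug report or of OpenSSH; it models only plain keyword/value lines and Host patterns (no Match or Include), and the function names and the host web1.foo.example.com are assumptions.

```python
import fnmatch

# Constructed sample: the report's two suggestions combined in one file,
# with Suggestion 2 placed at the top as it instructs.
SAMPLE_CONFIG = """\
ForwardAgent yes

Host *.foo.example.com
    ForwardAgent no
"""

def host_matches(patterns, host):
    """ssh_config Host rule: a positive pattern matches and no negated one does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_options(config_text, host):
    """Resolve options for `host` with first-obtained-value-wins.

    Returns (effective, shadowed):
      effective: option -> (value, line number that set it)
      shadowed:  (option, ignored value, its line, winning line) for each
                 later, different value that was silently ignored
    """
    effective, shadowed = {}, []
    applies = True  # lines before the first Host keyword apply to every host
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            applies = host_matches(args, host)
        elif applies:
            value = " ".join(args)
            if key not in effective:
                effective[key] = (value, lineno)
            elif effective[key][0] != value:
                shadowed.append((key, value, lineno, effective[key][1]))
    return effective, shadowed
```

On a system with OpenSSH installed, `ssh -G web1.foo.example.com` prints the options ssh would actually use for that host, which is the authoritative check.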