[Bug 2906] New: Need something like 'Match finalpass'
bugzilla-daemon at bugzilla.mindrot.org
Tue Sep 18 19:27:51 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2906
Bug ID: 2906
Summary: Need something like 'Match finalpass'
Product: Portable OpenSSH
Version: 7.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: zenczykowski at gmail.com
If canonicalization is on this should behave like 'Match canonical'.
If it isn't it should behave like 'Match all' or 'Host *'.
See https://bugzilla.redhat.com/show_bug.cgi?id=1630166 for extra
details, but:
Basically if system /etc/ssh/ssh_config has a:
  Host *
    Key foo
clause, then this trumps any ~/.ssh/config:
  Host blah.org
    Key bar
setting if user attempts to 'ssh blah' (where blah canonicalizes to
blah.org).
This is because of config file parse order: first ~/.ssh/config which
doesn't match on non-canonical hostname, then /etc/ssh/ssh_config which
matches on * and sets Key=foo. Then on re-parse with canonical
hostname user's Host blah.org matches, but it's too late to set Key=bar
because it's already been set.
(perhaps related, but perhaps there should also be some sort of special
handling for 'Key +bar' or 'Key -bar' to treat it as append/remove
instead of override, but that would be far more difficult to implement)
--
You are receiving this mail because:
You are watching the assignee of the bug.
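The parse order described in the report, as an added example that is not part of the original report and is not OpenSSH code: a simplified model of first-value-wins option resolution across the two passes. The "finalpass" block kind models the criterion the report proposes; the function names, the block tuples and the CANON map are constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed configs from the report; "Key" stands in for any ssh_config option.
USER_CFG = [("host", "blah.org", {"Key": "bar"})]
SYSTEM_CFG = [("host", "*", {"Key": "foo"})]
# Same system default, guarded by the proposed (hypothetical) 'Match finalpass'.
SYSTEM_CFG_FINALPASS = [("finalpass", None, {"Key": "foo"})]


def apply_pass(files, hostname, opts, is_final):
    """One parse pass: user file first, then system file; first value wins."""
    for blocks in files:
        for kind, pattern, settings in blocks:
            if kind == "host":
                matched = fnmatch(hostname, pattern)
            else:  # "finalpass": proposed criterion, true only on the last pass
                matched = is_final
            if matched:
                for name, value in settings.items():
                    opts.setdefault(name, value)  # never override an earlier value
    return opts


def resolve(typed, user_cfg, system_cfg, canonical_names):
    """Model of option resolution with an optional canonicalization re-parse.

    canonical_names maps a typed name to its canonical form; an empty map
    models canonicalization being off (a single, final pass).
    """
    files = [user_cfg, system_cfg]
    canonical = canonical_names.get(typed)
    opts = {}
    apply_pass(files, typed, opts, is_final=canonical is None)
    if canonical is not None:
        # Re-parse with the canonical name; values from pass 1 stay in place.
        apply_pass(files, canonical, opts, is_final=True)
    return opts


CANON = {"blah": "blah.org"}  # constructed canonicalization result

if __name__ == "__main__":
    print(resolve("blah", USER_CFG, SYSTEM_CFG, CANON))            # system default wins
    print(resolve("blah", USER_CFG, SYSTEM_CFG_FINALPASS, CANON))  # user setting wins
```

With canonicalization off (an empty map), the "finalpass" block matches on the single pass, which is the 'Match all' behaviour the report asks for.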