[Bug 3072] Some options ignored in Host specifications in ssh_config

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Sep 20 08:12:15 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3072

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
Yes that's how it works.  Quoting the first paragraph of ssh_config(5):

  For each parameter, the first obtained value will be used.  The
  configuration files contain sections separated by Host
specifications,
  and that section is only applied for hosts that match one of the
  patterns given in the specification.

In the context of MACs (and a few other things like Ciphers), "+thing"
is a value that means "append this to the default list", and it was
added so that there was a way to enable things line hmac-md5 where a
host required it in a way that wouldn't disable future better options.

You can set defaults by putting them at the end of the file after "Host
*":

  Host somehost
    MACs +hmac-md5
  Host *
    MACs hmac-sha1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list