[Bug 3567] New: CanonicalizeHostname yes doesn't canonicalize the Hostname with ProxyJump none
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Apr 25 16:36:20 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3567
Bug ID: 3567
Summary: CanonicalizeHostname yes doesn't canonicalize the
Hostname with ProxyJump none
Product: Portable OpenSSH
Version: 9.3p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: mindrot-bugzilla at herkulessi.de
Basically the Summary.
When CanonicalizeHostname is set to yes and ProxyJump is explicitly
disabled via setting it to none, no hostname canonicalisation is
performed.
According to the Documentation, "If set to yes then, for connections
that do not use a ProxyCommand or ProxyJump, ssh(1) will attempt to
canonicalize the hostname" and "A value of none disables the use of a
ProxyJump host."
If you do actually set ProxyJump to none, ssh still asks the system
resolver to resolve the short name, but not the canonicalized one and
exits with "ssh: Could not resolve hostname <short hostname>: Name or
service not known"
ProxyCommand works as expected (as in "if set to none hostname
canonicalisation is performed").
"CanonicalizeHostname always" also works as expected.
Since I only have access to Linux machines, I only tested it on Linux,
but it affects at least x86_64 (AMD64) and aarch64 (ARM64) on both the
current OpenSSH version shipped by Debian (OpenSSH_8.4p1
Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022) as well as the latest
release built from the official source tarball (OpenSSH_9.3p1, OpenSSL
3.0.8 7 Feb 2023)
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list