Host selection in ssh_config

Jean-Michel Elyn (MAILZ) jean-michel.elyn at
Fri Apr 8 23:24:32 EST 2011

Hello there,

I'm a little afraid of writing here, hope I don't make any mistake doing 
so. I'm trying for days and searching the web too, but no obvious 
solution, no reply from the specialized forum I wrote in.

Here is the situation:
I would like to have a lighter security inside our domain, without 
changing when going outside. By "lighter security" I mean at least, no 
host key check; we often install and re-install hosts and managing all 
that public keys is heavy. Then my goal is to have two different 
configurations when targeting a host:

* inside our domain: "StrictHostKeyChecking no" and "UserKnownHostsFile 
* into the Wild: "StrictHostKeyChecking yes" and "UserKnownHostsFile 

And now my problem:
The easiest way to sort target hosts, I thought, was to select our 
domain in ssh_config:

# inside
Host *.our_domain
# outside
Host *

However, the hostname used is the one written in the command, I suppose: 
"ssh a_host.our_domain" works fine! But "ssh a_host" does not. Of course 
we all avoid writing our domain. So I wanted to check whether a domain 
is provided (a point "." should exist):

# inside
Host !*.*
# outside
Host *

Unfortunately it doesn't work... I tried many other possibilities but 
all failed. Is there a solution to that problem? If yes how to do? If 
not is it a bug? Thanks for your help.


More information about the openssh-unix-dev mailing list