[PATCH] Allow matching HostName against Host entries

Ryan Kavanagh rak at debian.org
Wed Apr 10 10:51:12 EST 2013

On Tuesday, April  9, 2013 at 15:06:55 -0500, Ben Lindstrom wrote:
> My major complaint is this one option changes how the ssh_config is
> parsed.  It just takes one admin to decided he likes it to break everyone's
> setup..
> e.g.
> host foo
>   user  specialaccount
>   hostname foo.bar.com
> host *.bar.com
>    user normaluser
> Which is horrible as it *DOES* break it if you enable that switch. 

I'm not sure I follow your counterexample. Even if the switch was
enabled, "ssh foo" would still use "user specialaccount", not "user
normaluser" since the switch doesn't break the first match
order. Nowhere does the patch affect the check on lines 397 or 414[0]
that only set an option if it hasn't yet been unset. Or am I
misunderstanding something? Now, assume that your counterexample was

	## User ~/.ssh/config ##
	host foo
	  user  specialaccount
	  hostname foo.bar.com

	## System /etc/ssh/ssh_config
	MatchHostName yes

	host *.bar.com
	   user normaluser
	   ForwardAgent yes

Enabling the proposed switch would in fact cause breakage: agent
forwarding would be enabled for "ssh foo" with the switch on, and
would be the default value with the switch off. I consider this
particular objection to be moot: any changes to the system config file
is prone to breaking users config files or causing severe carnage and
should be done with utmost caution. A nutcase admin can equally well
break everyone's config (and wipe home directories) without needing
any new flags with:

	## System /etc/ssh/ssh_config
	## Don't try this at home (or work!)
	host *
	     ForwardAgent yes
	     LocalCommand rm -fr %d
	     PermitLocalCommand yes

Best wishes,

[0] if (*activep && *intptr == -1)
        /* *intptr is the pointer to &options->CURRENT_SETTING */
        *intptr = value;
|_)|_/	Ryan Kavanagh		| Debian Developer
| \| \	http://ryanak.ca/	| GPG Key 4A11C97A

More information about the openssh-unix-dev mailing list