CanonicalizeHostname issues with multiple config blocks
Robin McCorkell
rmccorkell at karoshi.org.uk
Tue Nov 4 02:09:34 EST 2014
When using the CanonicalizeHostname and CanonicalDomains directives, the
options parsed before the hostname is canonicalized cannot be overridden by
more specific blocks after canonicalization. For example:
CanonicalizeHostname yes
CanonicalDomains foo.bar.com
Host *.foo.bar.com
GSSAPIAuthentication yes
Host *
GSSAPIAuthentication no
If connecting to 'srv.foo.bar.com', then GSSAPI authentication is enabled.
But connecting to 'srv', even though it is canonicalized correctly to '
srv.foo.bar.com', does not enable GSSAPI authentication as the 'Host *'
block is parsed before canonicalization and cannot be then overridden by
the more specific block.
This behaviour was tested with OpenSSH 6.7 on Arch Linux.
Thanks,
Robin McCorkell
The Linux Schools Project
http://www.linuxschools.com
https://github.com/the-linux-schools-project
More information about the openssh-unix-dev
mailing list