CanonicalHostname and ssh connections through a jumphost

Warlich, Christof christof.warlich at
Wed May 20 17:11:08 AEST 2020

raf wrote:
> Warlich, Christof wrote:
> > ...
> > I want to be able to ssh to all internal hosts that live in the,
> > i.e. that are only accessible through the jumphost without
> > having to list each of these hosts somewhere, as they may frequently be added or
> > removed from the internal domain and without being forced to always type their
> > fully qualified hostnames.

> If you are invoking ssh from a shell, you could define a short variable for the internal
> domain and append that to the relevant hostnames:
> e.g. in your ~/.bashrc or similar:
>     i=""
> Then, on the command line:
>     ssh foo$i
> 	ssh bar$i
> At least until a better solution comes along.
> It's not perfect but it's only 2 extra characters on the command line.

Thanks, I like this kind of "out of the box" thinking ��.

But it seems that we agree that this is a hack. From my rather naïve point of view, "fixing" the
behavior of CanonicalHostname in the presence of a ProxyJump would be most desirable:
Instead of just trying to resolve one in the list of potential fully qualified hostnames locally
(which cannot work as the host is only known in some remote subnet accessible through
the ProxyJump command), the command  defined in ProxyJump should be used to resolve
the fully qualified hostname in that remote subnet.

What do you think: Could this be something worth to be considered?



More information about the openssh-unix-dev mailing list