Re: Re: CanonicalHostname and ssh connections through a jumphost

Warlich, Christof christof.warlich at siemens.com
Wed May 20 20:25:20 AEST 2020

Brian Candler <b.candler at pobox.com> wrote:
>
> host *.example.com
>   ProxyJump proxy.example.com
>

> The argument would be the same.  If you try to ssh to an unqualified
> host like "foo", then you don't know that it might be resolvable via
> the given ProxyJump host until you first know that it matches
> *.example.com - a circular dependency.
Ok, let me try to understand why you think this might be a circular dependency.

First, let's complete your example:

CanonicalizeHostname always
CanonicalDomains example.com

Host *.example.com
    ProxyJump proxy.example.com

Currently, with this in place, when I do "ssh foo", ssh tries to resolve foo.example.com _locally_ and fails. It never looks at the fact that, for the section "Host *.example.com", a ProxyJump has been defined. But "CanonicalizeHostname always", as opposed to "CanonicalizeHostname yes", seems to indicate that a special treatment is performed for proxied connections, as described in the ssh_config man page:

    If CanonicalizeHostname is set to always, then canonicalization
    is applied to proxied connections too.

Thus, I would consider it to be reasonable behavior if ssh would (_if_ CanonicalizeHostname is set to always) just _use_ the ProxyJump command related to that section to test if the foo.example.com host is resolvable (from within the example.com subnet).

Cheers,

Chris
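To make the ordering problem in the thread concrete, here is a small model of how ssh evaluates ssh_config around hostname canonicalization. This is an added illustration, not OpenSSH's own code: it reproduces only the two-pass structure (one pass with the name as typed, then, if canonicalization changed the name, a second pass with the canonical name), replaces DNS with a constructed set of names the local resolver is assumed to know, and ignores CanonicalizePermittedCNAMEs and most other options. The config string and hostnames are the ones from the thread.

```python
"""Simplified model of ssh_config evaluation around hostname canonicalization.

Added illustration for this thread; it is NOT OpenSSH's code.  It models the
two passes ssh makes over ssh_config: one with the name as typed, then, if
canonicalization changed the name, a second one with the canonical name.
DNS is replaced by a constructed set of names the *local* resolver knows.
"""
import fnmatch

# Constructed config, mirroring the one discussed in the thread.
SSH_CONFIG = """
CanonicalizeHostname always
CanonicalDomains example.com
Host *.example.com
    ProxyJump proxy.example.com
"""


def parse_config(text):
    """Return (global_opts, blocks); blocks is a list of (patterns, opts)."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "host":
            current = (value.split(), {})
            blocks.append(current)
        elif current is None:
            global_opts[key] = value
        else:
            current[1][key] = value
    return global_opts, blocks


def effective_options(hostname, blocks):
    """Collect options from every Host block matching hostname; first value wins."""
    opts = {}
    for patterns, block_opts in blocks:
        if any(fnmatch.fnmatchcase(hostname, p) for p in patterns):
            for key, value in block_opts.items():
                opts.setdefault(key, value)
    return opts


def canonicalize(hostname, global_opts, first_pass, local_resolver, max_dots=1):
    """Return the canonical name, or hostname unchanged if canonicalization
    does not apply or no CanonicalDomains candidate resolves *locally*."""
    mode = global_opts.get("canonicalizehostname", "no").lower()
    if mode == "no":
        return hostname
    # With "yes", a connection that already goes through a proxy is left alone;
    # only "always" canonicalizes proxied connections too (see the man page).
    if mode == "yes" and ("proxyjump" in first_pass or "proxycommand" in first_pass):
        return hostname
    if hostname.count(".") > max_dots:      # CanonicalizeMaxDots, default 1
        return hostname
    for domain in global_opts.get("canonicaldomains", "").split():
        candidate = f"{hostname}.{domain}"
        if candidate in local_resolver:      # stands in for a DNS lookup from this machine
            return candidate
    return hostname   # CanonicalizeFallbackLocal yes (the default): keep the typed name


def resolve_host(hostname, config_text, local_resolver):
    """Return (hostname_used, effective_options) after both config passes."""
    global_opts, blocks = parse_config(config_text)
    first_pass = effective_options(hostname, blocks)
    canonical = canonicalize(hostname, global_opts, first_pass, local_resolver)
    if canonical == hostname:
        return hostname, first_pass
    # Second pass: options already set are kept, the canonical name fills the rest.
    merged = dict(first_pass)
    for key, value in effective_options(canonical, blocks).items():
        merged.setdefault(key, value)
    return canonical, merged


if __name__ == "__main__":
    # Case from the thread: foo.example.com only resolves behind the proxy, so the
    # local lookup fails and the "Host *.example.com" block is never reached.
    print(resolve_host("foo", SSH_CONFIG, local_resolver=frozenset()))
    # Same config when the local resolver does know foo.example.com.
    print(resolve_host("foo", SSH_CONFIG, local_resolver={"foo.example.com"}))
```

The model shows where the circularity sits: the ProxyJump lives in a block that only matches after the name has been canonicalized, and canonicalization is gated on a lookup done from the local machine, before any proxy is in play. Typing the fully qualified name sidesteps the lookup entirely, because a name with more than CanonicalizeMaxDots dots is not canonicalized and matches the block directly.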