Using the Host declaration properly - SSH


  1. Using the Host declaration properly

    I am trying to construct an ssh_config that behaves differently for:
    - local network non-FQDN hosts
    - local network FQDN hosts
    - non-local (=> FQDN) hosts

    So I have:

    Host *
    ....local non-FQDN config...

    Host *.icequake.net
    ....local FQDN config...

    Host *.*
    ....non-local config...

    But ssh seems to take "Host *" and run with it; it matches every host,
    even if there is a more specific match elsewhere.

    I could not find a way to specify a network in the usual notation, such
    as Host 1.2.3.4/31, since this would be the optimal thing to do in this
    case.

    Any suggestions?


  2. Re: Using the Host declaration properly

    (assuming OpenSSH in the following)

    On 2007-01-25, runderwo@mail.win.org wrote:
    > I am trying to construct an ssh_config that behaves differently for:
    > - local network non-FQDN hosts
    > - local network FQDN hosts
    > - non-local (=> FQDN) hosts
    >
    > So I have:
    >
    > Host *
    > ...local non-FQDN config...
    >
    > Host *.icequake.net
    > ...local FQDN config...
    >
    > Host *.*
    > ...non-local config...
    >
    > But ssh seems to take "Host *" and run with it; it matches every host,
    > even if there is a more specific match elsewhere.


    ssh_config is first-match not last-match so you need to put the "Host *"
    at the end of the file. From the ssh_config(5) man page:

    For each parameter, the first obtained value will be used. The
    configuration files contain sections separated by "Host" specifications,
    and that section is only applied for hosts that match one of the
    patterns given in the specification. The matched host name is the one
    given on the command line.

    > I could not find a way to specify a network in the usual notation, such
    > as Host 1.2.3.4/31, since this would be the optimal thing to do in this
    > case.


    There's no way to use CIDR notation in Hosts directives.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  3. Re: Using the Host declaration properly

    runderwo@mail.win.org wrote:
    > But ssh seems to take "Host *" and run with it; it matches every host,
    > even if there is a more specific match elsewhere.


    Perhaps you want to put that one last then?

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  4. Re: Using the Host declaration properly

    On Jan 25, 4:33 pm, Darren Tucker wrote:
    > For each parameter, the first obtained value will be used. The
    > configuration files contain sections separated by "Host" specifications,
    > and that section is only applied for hosts that match one of the
    > patterns given in the specification. The matched host name is the one
    > given on the command line.


    It didn't occur to me that the aforementioned ordering would also apply
    to Host stanzas themselves. I was thinking of it as applied to options
    that the user accidentally specified more than once. But it makes sense,
    because as soon as you entered the first Host stanza, that variable has
    been set, and cannot then be reset to a different value as the
    documentation states.

    Thanks!
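
The first-obtained-value rule discussed in this thread, as an added example that is not part of any post: a simplified Python model of how Host stanzas are resolved, run over the ordering from the question and over the reordered file. The User, ForwardAgent and Compression values and the host names `gw`, `gw.icequake.net` and `shell.example.org` are constructed; only `*` and `?` patterns are modelled (no negation, no Match blocks).

```python
import re

# Constructed stanzas; the keyword values are illustrative only.
STANZAS = {
    "*": "User localuser\nForwardAgent yes",
    "*.icequake.net": "User fqdnuser\nForwardAgent yes",
    "*.*": "User remoteuser\nForwardAgent no\nCompression yes",
}

def build(order):
    """Assemble ssh_config text with the Host stanzas in the given order."""
    return "\n".join(f"Host {p}\n{STANZAS[p]}" for p in order)

POSTED = build(["*", "*.icequake.net", "*.*"])  # ordering from the question
FIXED = build(["*.icequake.net", "*.*", "*"])   # specific first, "Host *" last

def pattern_matches(pattern, host):
    """ssh_config pattern: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host) is not None

def resolve(config_text, host):
    """Read top to bottom, keeping the first value obtained per keyword."""
    result, active = {}, True  # lines before any Host line apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, args = line.partition(" ")
        if keyword.lower() == "host":
            # A stanza applies when any pattern on its Host line matches.
            active = any(pattern_matches(p, host) for p in args.split())
        elif active:
            # setdefault: a later matching stanza cannot override this value,
            # but it can still supply keywords that were never set.
            result.setdefault(keyword.lower(), args.strip())
    return result

if __name__ == "__main__":
    for name in ("gw", "gw.icequake.net", "shell.example.org"):
        print(name)
        print("  posted order:", resolve(POSTED, name))
        print("  fixed order: ", resolve(FIXED, name))
```

With the posted ordering the non-local host still gets `ForwardAgent yes` from `Host *`, while `Compression` is picked up from `Host *.*` because nothing earlier set it. On a real system, `ssh -G hostname` prints the options OpenSSH resolves for that host.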

