Bug#743972: openssh-client: ssh reprocesses configuration files even when CanonicalizeHostname is not set
Package: openssh-client
Version: 1:6.6p1-2
Severity: normal
Dear Maintainer,
I have an ssh configuration which allows me to easily access
local hosts (which are reachable directly) and remote hosts
(which are only reachable through a HTTP proxy). The
configuration file (simplified) looks like this:
Host a
Hostname 172.18.1.1
Host b
Hostname 172.18.1.2
[..]
Host *.*
ProxyCommand nc -X connect -x gateway:8080 %h %p
The upgrade of openssh-client from version 1:6.5p1-6 to 1:6.6p1-2
breaks this configuration. ssh now reprocesses the config file
with the substituted host name even when I explicitly set
CanonicalizeHostname to no. Thus the "Host *.*" pattern matches
always and ssh tries to reach all hosts through the proxy.
CanonicalizeHostname is the only option I have found which should
trigger the reprocessing of the config file. And there seems to
be no other option to explicitly disable this behavior.
Uwe
ssh log with config file:
Host *
CanonicalizeHostname no
Host a
Hostname 172.18.1.1
Host *.*
ProxyCommand nc -X connect -x gateway:8080 %h %p
$ ssh -v a
OpenSSH_6.6, OpenSSL 1.0.1g 7 Apr 2014
debug1: Reading configuration data /home/uwe/.ssh/config
debug1: /home/uwe/.ssh/config line 1: Applying options for *
debug1: /home/uwe/.ssh/config line 3: Applying options for a
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/uwe/.ssh/config
debug1: /home/uwe/.ssh/config line 1: Applying options for *
debug1: /home/uwe/.ssh/config line 5: Applying options for *.*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Executing proxy command: exec nc -X connect -x gateway:8080 172.18.1.1 22
[..]
nc: Proxy error: "HTTP/1.0 504 Gateway Time-out"
ssh_exchange_identification: Connection closed by remote host
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (750, 'testing'), (650, 'unstable'), (1, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-client depends on:
ii adduser 3.113+nmu3
ii dpkg 1.17.6
ii libc6 2.18-4
ii libedit2 3.1-20140213-1
ii libgssapi-krb5-2 1.12.1+dfsg-1
ii libselinux1 2.2.2-1
ii libssl1.0.0 1.0.1g-1
ii passwd 1:4.1.5.1-1.1
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages openssh-client recommends:
ii xauth 1:1.0.7-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
ii ssh-askpass 1:1.2.4.1-9
-- no debconf information
Reply to: