Bug#774369: openssh-client: "Port" is not correctly handled in ssh_config when CanonicalizeHostname is enabled
Package: openssh-client
Version: 1:6.7p1-3
Severity: normal
Given a user ssh_config (~/.ssh/config) like this:

    Host server*.example.com
        User name
        Port 1234

    Host *
        CanonicalizeHostname yes
        CanonicalDomains example.com
        CanonicalizeMaxDots 0
        CanonicalizeFallbackLocal yes
        ControlMaster auto
        ControlPath /tmp/ssh_mux_%h_%p_%r
        ControlPersist 1h

Then run ``ssh -v server0``, here is the output:

    OpenSSH_6.7p1 Debian-3, OpenSSL 1.0.1j 15 Oct 2014
    debug1: Reading configuration data <home>/.ssh/config
    debug1: <home>/.ssh/config line 5: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Canonicalized hostname "server0" => "server0.example.com"
    debug1: Hostname has changed; re-reading configuration
    debug1: Reading configuration data <home>/.ssh/config
    debug1: <home>/.ssh/config line 1: Applying options for server*.example.com
    debug1: <home>/.ssh/config line 5: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: auto-mux: Trying existing master
    debug1: Control socket "/tmp/ssh_mux_server0.example.com_1234_name" does not exist
    debug1: Connecting to server0.example.com [127.0.0.1] port 22.
    debug1: connect to address 127.0.0.1 port 22: Connection refused
    ssh: connect to host server0.example.com port 22: Connection refused

As you can see, ssh didn't use the specified port 1234, but the default port 22, to connect, while when creating the ControlPath socket it uses the given port.

I have scanned the source code and believe I have found the cause, but I don't know how to fix it nicely, so I will just describe it. The source code was fetched with ``apt-get source openssh-client``.

In ssh.c, the procedure is like this:

* line 902, process_config_files(pw): at this point options.port is not set, since no config block with a ``Port`` option is matched.
* line 919, addrs = resolve_canonicalize(&host, options.port): now the port in ``addrs`` is default_ssh_port().
* lines 948-954: the target hostname has changed, so the config files are re-parsed. Now options.port is set to 1234.
* lines 1037-1052: control_path is expanded; %p is expanded to portstr (assigned in line 1007), which is 1234.
* line 1073, ssh_connect(host, addrs, &hostaddr, options.port, ...): in the ssh_connect() function, however, ``options.port`` is not used; it directly uses the address info from ``addrs``, so ssh_connect actually uses port 22.

Following this procedure, whenever "CanonicalizeHostname" is enabled, ``Port`` may not be handled as expected in the ssh_config file.

-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-client depends on:
ii adduser 3.113+nmu3
ii dpkg 1.17.22
ii libc6 2.19-13
ii libedit2 3.1-20140620-2
ii libgssapi-krb5-2 1.12.1+dfsg-16
ii libselinux1 2.3-2
ii libssl1.0.0 1.0.1j-1
ii passwd 1:4.2-3
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages openssh-client recommends:
ii xauth 1:1.0.9-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
pn ssh-askpass <none>
-- no debconf information
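
The ordering described in the report can be reproduced in isolation. The following is an added example, not code from the report or from OpenSSH; every function name in it is hypothetical, it handles IPv4 only, and it uses a numeric address so no DNS lookup is needed. It shows that the port is fixed inside the resolved address list at resolution time, and one possible repair that rewrites it after the second config pass.

```c
/* Added illustration, not OpenSSH source; all names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>

/* Resolve a numeric IPv4 address; the port is baked into the sockaddr here. */
static struct addrinfo *resolve_with_port(const char *ip, int port)
{
    struct addrinfo hints, *res = NULL;
    char portstr[16];

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;                         /* IPv4 only for brevity */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;  /* no DNS lookup */
    snprintf(portstr, sizeof(portstr), "%d", port);
    return getaddrinfo(ip, portstr, &hints, &res) == 0 ? res : NULL;
}

/* Port that a connect() on this entry would really use. */
static int addr_port(const struct addrinfo *ai)
{
    return ntohs(((const struct sockaddr_in *)ai->ai_addr)->sin_port);
}

/* One possible repair: rewrite the port in every entry after the re-parse. */
static void override_port(struct addrinfo *list, int port)
{
    for (struct addrinfo *ai = list; ai != NULL; ai = ai->ai_next)
        ((struct sockaddr_in *)ai->ai_addr)->sin_port = htons((unsigned short)port);
}

/* Replays the order in the report; returns the port the connect would use. */
static int replay(int apply_fix)
{
    int options_port = 22;      /* first pass: no Port matched, default used */
    struct addrinfo *addrs = resolve_with_port("127.0.0.1", options_port);
    if (addrs == NULL) return -1;
    options_port = 1234;        /* second pass: the Host block now matches */
    if (apply_fix) override_port(addrs, options_port);
    int used = addr_port(addrs);
    freeaddrinfo(addrs);
    return used;
}

int main(void) { printf("bug: %d, repaired: %d\n", replay(0), replay(1)); return 0; }
```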