主页 / ubuntu / 问题 / 986479
Accepted
LeGEC
Asked: 2017-12-16 01:18:19 +0800 CST

SSH:配置文件未按预期使用

  • 772

我最近从 Trusty (14.04) 更新到 Xenial (16.04),现在我在使用 ssh 和我的.ssh/config文件时有不同的行为。

以前:在配置文件中,当第一条规则将应用于主机a以将目标Hostname从更改ab,并且另一条规则将应用于 时b,将应用第二条规则。

现在:仅应用第一个规则,忽略第二个规则。

以下是这种新行为的示例:

# I added two extra names for "127.0.0.1" :
legec@Workstation[.ssh]$ head -2 /etc/hosts
127.0.0.1   localhost
127.0.0.1   foo foo.homesweethome.com

# config file :
legec@Workstation[.ssh]$ cat ~/.ssh/config
# this rule expands "foo" to "foo.homesweethome.com"
Host foo
    Hostname foo.homesweethome.com

# this rule sets default port and user for "foo.homesweethome.com" :
Host foo.homesweethome.com
    Port 2222
    User foobar

# when running ssh :    
legec@Workstation[.ssh]$ ssh -v foo
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g  1 Mar 2016
  # as you can see in the following two lines,
  # the first config rule is applied
debug1: Reading configuration data /home/legec/.ssh/config
debug1: /home/legec/.ssh/config line 1: Applying options for foo
  # the second rule is skipped
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to foo.homesweethome.com [127.0.0.1] port 22.
debug1: Connection established.

  [.. extra debug messages about possible keys to present, protocol setup ... ]

debug1: Next authentication method: password
# I was hoping to see a connection on port 2222,
# and asking the password for user foobar :
[email protected]'s password:

我的 ssh lib 的当前版本是:

legec@Workstation[.ssh]$ ssh -V
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g  1 Mar 2016

[编辑]:正如fkraeim提醒我的那样,OpenSSHin Trusty (14.04) 的版本是 6.6 。

问题

  • ssh 的行为发生了什么变化?
  • 如何在上面的示例中同时应用这两个规则?

注意:对于更完整的上下文,在我的真实配置文件中,配置如下所示:

Host bar baz
    Hostname %h.homesweethome.com

Host foo
    Hostname foo.homesweethome.com

Host *.homesweethome.com
    User foobar
    Port 2222
16.04

2 个回答

  1. Best Answer

    这很好地说明了有时,一个人的错误是另一个人的特征......

    OpenSSH 在 14.04 中的这种行为实际上是 OpenSSH 6.6(这是 Ubuntu 14.04 中的版本)中引入的一个错误,并在 6.8 中修复(另请参见更改日志)。做你想做的事情的正确方法是

    Host bar baz
    Hostname %h.homesweethome.com

Host foo
    Hostname foo.homesweethome.com

Host foo bar baz *.homesweethome.com
    User foobar
    Port 2222

    或者,也许规范化真的是你想要的......例如

    CanonicalizeHostname yes
CanonicalDomains homesweethome.com

Host *.homesweethome.com
    User foobar
    Port 2222

    ...可以为你工作。与您当前配置的不同之处在于,如果例如goo.homesweethome.com存在,ssh goo将尝试连接到它。

    • 7

  2. 我不知道 14.04 和 16.04 之间发生了什么变化,但该CanonicalizeHostnames选项似乎发挥了作用。来自man ssh_config

    CanonicalizeHostname
 Controls whether explicit hostname canonicalization is performed.
 The default, “no”, is not to perform any name rewriting and let
 the system resolver handle all hostname lookups.  If set to “yes”
 then, for connections that do not use a ProxyCommand, ssh(1) will
 attempt to canonicalize the hostname specified on the command
 line using the CanonicalDomains suffixes and
 CanonicalizePermittedCNAMEs rules.  If CanonicalizeHostname is
 set to “always”, then canonicalization is applied to proxied
 connections too.

 If this option is enabled, then the configuration files are
 processed again using the new target name to pick up any new
 configuration in matching Host and Match stanzas.

    注意最后一段。当我添加:

    Host *
  CanonicalizeHostname yes

    我得到了预期的结果:

    $ ssh foo                
ssh: connect to host foo.homesweethome.com port 2222: Connection refused
    • 3

相关问题