When using the CanonicalizeHostname and CanonicalDomains directives, the
options parsed before the hostname is canonicalized cannot be overridden by
more specific blocks after canonicalization.

For example:

    CanonicalizeHostname yes
    CanonicalDomains foo.bar.com

    Host *.foo.bar.com
        GSSAPIAuthentication yes

    Host *
        GSSAPIAuthentication no

If connecting to 'srv.foo.bar.com', then GSSAPI authentication is enabled.
But connecting to 'srv', even though it is canonicalized correctly to
'srv.foo.bar.com', does not enable GSSAPI authentication as the 'Host *'
block is parsed before canonicalization and cannot be then overridden by the
more specific block.

This behaviour was tested with OpenSSH 6.7 on Arch Linux.

Thanks,
Robin McCorkell
The Linux Schools Project
http://www.linuxschools.com
https://github.com/the-linux-schools-project
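The behaviour reported above, reproduced with a simplified model of two-pass, first-value-wins option parsing. This is an added example, not OpenSSH code and not part of the original message; the function names, the `resolvable` set standing in for DNS, and the rule that only dotless names are canonicalized are assumptions of the model.

```python
from fnmatch import fnmatchcase

# Constructed copy of the configuration quoted in the message.
CONFIG = """\
CanonicalizeHostname yes
CanonicalDomains foo.bar.com
Host *.foo.bar.com
    GSSAPIAuthentication yes
Host *
    GSSAPIAuthentication no
"""

def parse_pass(config, host, opts):
    """One pass over the config; a keyword already in opts is never replaced."""
    active = True  # lines before the first Host block apply to every host
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "host":
            active = any(fnmatchcase(host, p.lower()) for p in value.split())
        elif active:
            opts.setdefault(key, value)  # first obtained value wins
    return opts

def canonicalize(host, opts, resolvable):
    """Try each CanonicalDomains suffix on a dotless name; keep the first that resolves."""
    if opts.get("canonicalizehostname") != "yes" or "." in host:
        return host
    for domain in opts.get("canonicaldomains", "").split():
        candidate = f"{host}.{domain}"
        if candidate in resolvable:  # stand-in for a DNS lookup (assumption)
            return candidate
    return host

def effective_options(host, config=CONFIG, resolvable=frozenset({"srv.foo.bar.com"})):
    host = host.lower()
    opts = parse_pass(config, host, {})          # pass 1: name as typed
    canonical = canonicalize(host, opts, resolvable)
    if canonical != host:
        parse_pass(config, canonical, opts)      # pass 2: only fills unset keywords
    return canonical, opts

if __name__ == "__main__":
    for name in ("srv.foo.bar.com", "srv"):
        canonical, opts = effective_options(name)
        print(f"{name} -> {canonical}: GSSAPIAuthentication {opts['gssapiauthentication']}")
```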