I've been trying to take advantage of CanonicalizeHostname, and run into
an issue with its reparsing behavior and vendor-supplied options in system
config files. If a system config contains a stanza like this:
Host *
GSSAPIAuthentication yes
...there's now no way to set "GSSAPIAuthentication no" in any Host
sections that only match the canonicalized hostname.
I've already found https://bugzilla.mindrot.org/show_bug.cgi?id=2267 and
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-November/033098.html
concerning nearly the same problem, but I've got the additional wrinkle
that I can't just change the "Host *" to "Match canonical all" and be done
with it. (Well, I could, but fixing every instance in every vendor config
in perpetuity is fighting a losing battle...)
Have I missed some other way around this? CanonicalizeHostname fixes a
long-standing consistency headache, but I'm kinda stuck here.
-Rob
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev