raf wrote: > Warlich, Christof wrote: > > ... > > I want to be able to ssh to all internal hosts that live in the internal.sub.domain.net, > > i.e. that are only accessible through the internal.sub.domain.net jumphost without > > having to list each of these hosts somewhere, as they may frequently be added or > > removed from the internal domain and without being forced to always type their > > fully qualified hostnames. > If you are invoking ssh from a shell, you could define a short variable for the internal > domain and append that to the relevant hostnames: > > e.g. in your ~/.bashrc or similar: > > i=".internal.sub.domain.net" > > Then, on the command line: > > ssh foo$i > ssh bar$i > > At least until a better solution comes along. > It's not perfect but it's only 2 extra characters on the command line. Thanks, I like this kind of "out of the box" thinking 😊. But it seems that we agree that this is a hack. From my rather naïve point of view, "fixing" the behavior of CanonicalHostname in the presence of a ProxyJump would be most desirable: Instead of just trying to resolve one in the list of potential fully qualified hostnames locally (which cannot work as the host is only known in some remote subnet accessible through the ProxyJump command), the command defined in ProxyJump should be used to resolve the fully qualified hostname in that remote subnet. What do you think: Could this be something worth to be considered? Cheers, Chris _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev