workarounds for Host param not canonicalizing?
From: Ryan Barrett (secureshell_at_ryanb.org)
Date: Fri, 20 May 2005 11:21:11 -0700 (PDT) To: firstname.lastname@example.org
hi all. the Host parameter in ssh_config matches against the hostname
typed on the command line, as opposed to the canonicalized host name. this
is to prevent DNS spoofing attacks, which is a Good Thing...
...but it does hurt usability if you routinely ssh to lots of machines.
instead of "Host *.foo.com", you have to use "Host abc def ghi ...".
needless to say, this is error-prone and hard to maintain.
does anyone have any tips for handling this? (i use openssh versions 3.6
through 3.9, on linux and openbsd.) thanks in advance...