workarounds for Host param not canonicalizing?

From: Ryan Barrett (
Date: 05/20/05

  • Next message: Richard Secor: "OpenSSH & ChRoot"
    Date: Fri, 20 May 2005 11:21:11 -0700 (PDT)

    hi all. the Host parameter in ssh_config matches against the hostname
    typed on the command line, as opposed to the canonicalized host name. this
    is to prevent DNS spoofing attacks, which is a Good Thing...

    ...but it does hurt usability if you routinely ssh to lots of machines.
    instead of "Host *", you have to use "Host abc def ghi ...".
    needless to say, this is error-prone and hard to maintain.

    does anyone have any tips for handling this? (i use openssh versions 3.6
    through 3.9, on linux and openbsd.) thanks in advance...



  • Next message: Richard Secor: "OpenSSH & ChRoot"