workarounds for Host param not canonicalizing?

From: Ryan Barrett (secureshell_at_ryanb.org)
Date: 05/20/05

  • Next message: Richard Secor: "OpenSSH & ChRoot"
    Date: Fri, 20 May 2005 11:21:11 -0700 (PDT)
    To: secureshell@securityfocus.com
    
    

    hi all. the Host parameter in ssh_config matches against the hostname
    typed on the command line, as opposed to the canonicalized host name. this
    is to prevent DNS spoofing attacks, which is a Good Thing...

    ...but it does hurt usability if you routinely ssh to lots of machines.
    instead of "Host *.foo.com", you have to use "Host abc def ghi ...".
    needless to say, this is error-prone and hard to maintain.

    does anyone have any tips for handling this? (i use openssh versions 3.6
    through 3.9, on linux and openbsd.) thanks in advance...

    -Ryan

    --
    http://ryan.barrett.name/
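
Added example (not part of the original post, and not OpenSSH's own code): a simplified Python model of ssh_config option selection, showing that `Host *.foo.com` is tested against the name as typed on the command line, so a short name like `abc` never picks up that block. The sample config, the option values and the function names are constructed for illustration; the model covers only `*` and `?` wildcards and the first-obtained-value-wins rule.

```python
import re

# Constructed sample config for illustration (not from the original post).
SAMPLE_CONFIG = """\
Host *.foo.com
    User deploy
    Port 2222

Host abc def
    User ryan

Host *
    Port 22
"""

def parse_ssh_config(text):
    """Return a list of (host_patterns, options) blocks in file order."""
    current = (["*"], {})          # options before any Host line apply to all
    blocks = [current]
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue               # blank line, comment, or bare keyword
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            current = (value.split(), {})
            blocks.append(current)
        else:
            current[1].setdefault(keyword, value)
    return blocks

def host_matches(typed_name, pattern):
    """Wildcard match on the literal string; no DNS lookup is involved."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, typed_name) is not None

def effective_options(blocks, typed_name):
    """Merge every matching block; the first value seen for a keyword wins."""
    result = {}
    for patterns, options in blocks:
        if any(host_matches(typed_name, p) for p in patterns):
            for keyword, value in options.items():
                result.setdefault(keyword, value)
    return result

if __name__ == "__main__":
    blocks = parse_ssh_config(SAMPLE_CONFIG)
    for name in ("abc", "abc.foo.com", "ghi"):
        print(name, "->", effective_options(blocks, name))
```
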
    
