Re: workarounds for Host param not canonicalizing?
From: Alexander Klimov (alserkli_at_inbox.ru)
Date: 05/22/05
- Previous message: Hicks,Rodger: "SCP fails with publickey"
- In reply to: Ryan Barrett: "workarounds for Host param not canonicalizing?"
- Next in thread: Ryan Barrett: "Re: workarounds for Host param not canonicalizing?"
- Reply: Ryan Barrett: "Re: workarounds for Host param not canonicalizing?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 22 May 2005 11:25:48 +0300 (IDT)
To: Ryan Barrett <secureshell@ryanb.org>
On Fri, 20 May 2005, Ryan Barrett wrote:
> hi all. the Host parameter in ssh_config matches against the hostname
> typed on the command line, as opposed to the canonicalized host name. this
> is to prevent DNS spoofing attacks, which is a Good Thing...
>
> ...but it does hurt usability if you routinely ssh to lots of machines.
> instead of "Host *.foo.com", you have to use "Host abc def ghi ...".
> needless to say, this is error-prone and hard to maintain.
Could you elaborate on the problem? From man ssh_config:
     Host    Restricts the following declarations (up to the next
             Host keyword) to be only for those hosts that match
             one of the patterns given after the keyword.  Asterisk
             (*) and question mark (?) can be used as wildcards in
             the patterns.  A single * as a pattern can be used to
             provide global defaults for all hosts.  The host is the
             hostname argument given on the command line (that is,
             the name is not converted to a canonicalized host name
             before matching).
so you CAN use `Host *.foo.com'
--
Regards,
ASK
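
The matching rule quoted from the man page above, as an added example that is not part of the original message or of OpenSSH: the Host patterns are tested against the name exactly as typed, so the short name "abc" does not pick up a "Host *.foo.com" block even if it would resolve to abc.foo.com. The sample config and the function names are constructed for illustration; only the * and ? wildcards from the quoted text are modelled, and case handling is not.

```python
import re

# Constructed sample config (not from the thread).
SAMPLE_CONFIG = """\
Host *.foo.com
    User alice
    ForwardAgent yes

Host *
    User guest
    ForwardAgent no
"""

def pattern_to_regex(pattern):
    """Translate a Host pattern: '*' is any run of characters, '?' is one."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # '.' in a hostname is literal
    return re.compile("".join(parts), re.DOTALL)

def host_matches(patterns, typed_name):
    """True if any pattern matches the whole name as typed (no DNS lookup)."""
    return any(pattern_to_regex(p).fullmatch(typed_name) for p in patterns)

def effective_options(config_text, typed_name):
    """Collect options for typed_name; the first value obtained wins."""
    options = {}
    active = True  # lines before the first Host keyword apply to every host
    for raw in config_text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyword, value = fields[0].lower(), fields[1].strip()
        if keyword == "host":
            active = host_matches(value.split(), typed_name)
        elif active:
            options.setdefault(keyword, value)
    return options

if __name__ == "__main__":
    for name in ("abc.foo.com", "abc"):
        print(name, effective_options(SAMPLE_CONFIG, name))
```

With this config, typing the short name silently falls through to the "Host *" defaults, which is the usability cost the original question describes.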