Ubuntu
openssh package

6.9 stopped respecting "User" in previous stanzas

Bug #1487361 reported by Martin Pitt
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

My ~/.ssh/config has

Host *.canonical.com
    User pitti

and some convenience aliases as the actual host names change from time to time:

Host cdimage
    HostName nusakan.canonical.com

Host langpack
    HostName macquarie.canonical.com

For years, until the previous Wily version 6.7 this was working as expected. But since today with 6.9 trying to ssh to e. g. langpack stopped taking the "User pitti" into account:

$ ssh -v cdimage
[...]
debug1: Authenticating to nusakan.canonical.com:22 as 'martin'
[...]
Permission denied (publickey).

"martin" is my local user name at my laptop, i. e. the default when "User" isn't set.

If I don't use the alias and do "ssh nusakan.canonical.com" it does apply the User setting.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: openssh-client 1:6.9p1-1
ProcVersionSignature: Ubuntu 4.1.0-3.3-generic 4.1.3
Uname: Linux 4.1.0-3-generic x86_64
ApportVersion: 2.18-0ubuntu7
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Aug 21 10:14:46 2015
EcryptfsInUse: Yes
RelatedPackageVersions:
 ssh-askpass N/A
 libpam-ssh N/A
 keychain N/A
 ssh-askpass-gnome 1:6.9p1-1
SSHClientVersion: OpenSSH_6.9p1 Ubuntu-1, OpenSSL 1.0.2d 9 Jul 2015
SourcePackage: openssh
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
Martin Pitt (pitti) wrote :
Martin Pitt (pitti)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssh (Ubuntu):
status: New → Confirmed
Revision history for this message
Martin Pitt (pitti) wrote :

Andy pointed out "Match"; I haven't heard of/used it before, but doing

Match Host *.canonical.com
    User pitti

gives exactly the same behaviour.

Revision history for this message
Colin Watson (cjwatson) wrote :

I think this was deliberate upstream, probably this:

    - ssh(1): Tweak config re-parsing with host canonicalisation - make the
      second pass through the config files always run when host name
      canonicalisation is enabled (and not whenever the host name changes)

In fact this was not documented to work before; even in Debian stable the documentation for Host says "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name before matching)."

Try "CanonicalizeHostname yes", which is documented to control this.

Revision history for this message
Martin Pitt (pitti) wrote :

"CanonicalizeHostname yes" does not make any difference. Also, that part actually seems to work fine ("ssh langpack" correctly resolves to macquarie.canonical.com), it's the User from the previous Host * match which isn't applied.

Revision history for this message
Colin Watson (cjwatson) wrote :

It makes a difference for me, but CanonicalizeHostname has to be in the right part of the file (not inside an inapplicable Host block; note that indentation doesn't actually matter). Perhaps I could see your whole .ssh/config?

Revision history for this message
Martin Pitt (pitti) wrote :

Ah, thanks! I indeed had it after a Host block with indentation / paragraph, so I was misled in thinking of them as actual "paragraphs". Putting CanonicalizeHostname at the top of the file indeed works.

So it seems this was a deliberate change, or just accidentally happened to work before. So I guess we can close this. Thank you for your help!

Changed in openssh (Ubuntu):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.