Wilcard ssh 配置不再匹配

tag-icon tag-icon ssh
Wilcard ssh 配置不再匹配

我有这个 ssh 配置:

Host git.domain.net
    Port 22

Host *.domain.net
    Port 2121

Host bastion
    HostName nx4201.domain.net
    User dummy

Host project_production
    HostName nx4242.domain.net
    User project

我使用的是 Ubuntu 15.10,并且正在ssh project_production运行,使用端口 2121 连接到 nx4242.domain.net。

我现在全新安装了 Ubuntu 16.04,并重新导入了相同的配置文件(它是私有 git 存储库下的版本控制)。

这不再起作用:

$ ssh -vvv project_production 
OpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /home/sullivan/.ssh/config
debug1: /home/sullivan/.ssh/config line 12: Applying options for project_production
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "nx4242.domain.net" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to nx4242.domain.net [178.170.104.70] port 22.

正如您所看到的,ssh 现在尝试连接端口22并且不关心*.domain.net规则。

我知道我可以指定每个主机上的端口,但我有很多主机。

为什么现在不起作用但在旧系统上起作用?如何修复它?

仅供参考,这是系统 ssh 配置文件:

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

SSH 版本:

$ ssh -V
OpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g  1 Mar 2016

答案1

我终于在这里找到了答案:https://superuser.com/a/1024928/650657

简而言之,我必须添加这一行:

CanonicalizeHostname yes
Host *.mydomain.com
    User myusername

Host host1
    HostName host1.mydomain.com

这样,配置文件将被重新解析。

CanonicalizeHostname奇怪的是我之前不需要使用这个选项......

相关内容