User: Password:
Subscribe / Log in / New account

What's new in OpenSSH 6.5 (and 6.6)

What's new in OpenSSH 6.5 (and 6.6)

Posted Mar 21, 2014 13:09 UTC (Fri) by ibukanov (guest, #3942)
In reply to: What's new in OpenSSH 6.5 (and 6.6) by djm
Parent article: What's new in OpenSSH 6.5 (and 6.6)

> ProxyCommands can't change the hostname used for matching the hostkey.

I do not see why this is an issue. From ssh point of view I can always use a stable name like or How such name is turned into a connected socket inside ProxyCommand does not matter. And if one wants a convenience, then one can always use something like:

Host foo bar whatever
ProxyCommand %h ...

where the first %h will be foo while the second %h feeds to the proxy command.

(Log in to post comments)

What's new in OpenSSH 6.5 (and 6.6)

Posted Mar 23, 2014 7:26 UTC (Sun) by djm (guest, #11651) [Link]

Sure, that works if you want to emulate only a single DNS search suffix

What's new in OpenSSH 6.5 (and 6.6)

Posted Mar 23, 2014 9:28 UTC (Sun) by ibukanov (guest, #3942) [Link]

That works for any number of prefixes as I can group individual names into different Host statements corresponding to different dns suffixes. And if there is a name clash, I can give own aliases to resolve the clash.

AFAICS the new functionality is primary useful for administrators who want to simplify the life for the users in advance so a user who does not want to edit ssh/.config on a company laptop can always type ssh short-name no matter if the laptop is on the intranet or internet and even if the company uses several dns zones.

This is not a common use case and does not justify the complexity of the new rules when the same can be trivially archived by extending the proxy command to both return the the universal name corresponding to the given short name and to connect to that name.

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds