Using the Host declaration properly

I am trying to construct an ssh_config that behaves differently for:
- local network non-FQDN hosts
- local network FQDN hosts
- non-local (=> FQDN) hosts

So I have:

Host *
...local non-FQDN config...

Host *
...local FQDN config...

Host *.*
...non-local config...

But ssh seems to take "Host *" and run with it; it matches every host,
even if there is a more specific match elsewhere.

I could not find a way to specify a network in the usual notation, such
as Host, since this would be the optimal thing to do in this

Any suggestions?

Re: Using the Host declaration properly

(assuming OpenSSH in the following)

ssh_config is first-match not last-match so you need to put the "Host *"
at the end of the file.  From the ssh_config(5) man page:

     For each parameter, the first obtained value will be used.  The configu-
     ration files contain sections separated by "Host" specifications, and
     that section is only applied for hosts that match one of the patterns
     given in the specification.  The matched host name is the one given on
     the command line.

There's no way to use CIDR notation in Hosts directives.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
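
A simplified model of the first-match rule quoted above, added here as an example (not part of the original posts and not OpenSSH's code). The option values, `example.lan` and the host names are constructed, and only `Host` lines with `*`, `?` and `!` patterns are modelled.

```python
import re

# Constructed configs: option values and example.lan are assumptions for illustration.
BROKEN = """\
Host *
    User localuser
    ForwardAgent yes
Host *.example.lan
    User lanuser
Host *.*
    User remoteuser
    ForwardAgent no
"""

FIXED = """\
Host *.example.lan
    User lanuser
Host *.*
    User remoteuser
    ForwardAgent no
Host *
    User localuser
    ForwardAgent yes
"""

def pattern_matches(pattern, host):
    """ssh_config wildcards: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, host) is not None

def host_line_matches(patterns, host):
    """A negated pattern ('!pat') that matches vetoes the whole Host line."""
    if any(p.startswith("!") and pattern_matches(p[1:], host) for p in patterns):
        return False
    return any(not p.startswith("!") and pattern_matches(p, host) for p in patterns)

def resolve(config, host):
    """Return the effective options for host: the first obtained value wins."""
    effective, active = {}, True  # options before any Host line apply to all hosts
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].lower() == "host":
            active = host_line_matches(words[1:], host)
        elif active:
            effective.setdefault(words[0].lower(), " ".join(words[1:]))
    return effective
```

With `Host *` first, a remote host inherits the local stanza's `ForwardAgent yes`; with it last, a local FQDN host still picks up `ForwardAgent no` from `Host *.*` because matching continues per parameter. On a real system, `ssh -G <host>` prints the options OpenSSH actually resolved.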

Re: Using the Host declaration properly

It didn't occur to me that the aforementioned ordering would also apply
to Host stanzas themselves.  I was thinking of it as applied to options
that the user accidentally specified more than once.  But it makes sense
because as soon as you entered the first Host stanza, that variable has
been set, and cannot then be reset to a different value as the
documentation states.


Re: Using the Host declaration properly

Perhaps you want to put that one last then?

Darren Dunham                                 
Senior Technical Consultant         TAOS   /
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >
