1035249 – Wildcard doesn't work in ~/.ssh/config

Bug 1035249 - Wildcard doesn't work in ~/.ssh/config

Summary: Wildcard doesn't work in ~/.ssh/config

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssh
Sub Component:
Version:	20
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Petr Lautrbach
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-27 11:35 UTC by Robin Hack
Modified:	2013-12-05 09:35 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-12-05 09:35:04 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Robin Hack 2013-11-27 11:35:43 UTC

Description of problem:
Hi.

I upgraded from rhel 6.5 to fedora 20 and I'm not able to use my ssh config configuration like usual.

Version-Release number of selected component (if applicable):
openssh-6.3p1-5.fc20.x86_64

How reproducible:
always


Steps to Reproduce:
1. setup ~/.ssh/config

cat << EOF > ~/.ssh/configa
Host github.com
        IdentityFile ~/.ssh/id_rsa.github
        User git

Host *.xxxx.microsoft.com
        IdentityFile ~/.ssh/id_rsa.stable
        User root
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null

Host winland.microsoft.com
        User root
        IdentityFile ~/.ssh/id_rsa.samba

Host winland.microsoft.com
        User root
        IdentityFile ~/.ssh/id_rsa.samba
EOF

2. $ ssh -v x86-64-6cn-v1.xxxx.microsoft.com

Actual results:
OpenSSH_6.3, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/eviluser/.ssh/config
debug1: /home/eviluser/.ssh/config line 5: Applying options for *.xxxx.microsoft.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug1: Connecting to x86-64-6cn-v1.xxxx.microsoft.com [100.123.112.158] port 22.
debug1: Connection established.
debug1: identity file /home/eviluser/.ssh/id_rsa.stable type 1
debug1: identity file /home/eviluser/.ssh/id_rsa.stable-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA a7:1b:6e:76:b2:84:64:2b:e9:6f:26:d0:07:ad:88:ee
Warning: Permanently added 'x86-64-6cn-v1.xxxx.microsoft.com,100.123.112.158' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Server host/x86-64-6cn-v1.xxxx.microsoft.com not found in Kerberos database
debug1: Unspecified GSS failure.  Minor code may provide more information
Server host/x86-64-6cn-v1.xxxx.microsoft.com not found in Kerberos database
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/eviluser/.ssh/id_rsa.stable
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: eviluser.microsoft.com
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: majak
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: Deader2
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: Stable systems
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: DTC - Debug tools for monkeys
Received disconnect from 100.123.112.158: 2: Too many authentication failures for root


Expected results:
ssh connection.


Additional info:
I have kerberos up and running as client.

Comment 1 Petr Lautrbach 2013-11-28 10:28:14 UTC

(In reply to Robin Hack from comment #0)
> cat << EOF > ~/.ssh/configa
               ^^^^^^^^^^^^^^
Typo in the report?


> 2. $ ssh -v x86-64-6cn-v1.xxxx.microsoft.com
> 
> Actual results:
> OpenSSH_6.3, OpenSSL 1.0.1e-fips 11 Feb 2013
> debug1: Reading configuration data /home/eviluser/.ssh/config
> debug1: /home/eviluser/.ssh/config line 5: Applying options for
> *.xxxx.microsoft.com

correct

> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 51: Applying options for *
> debug1: Connecting to x86-64-6cn-v1.xxxx.microsoft.com [100.123.112.158]
> port 22.
> debug1: Connection established.
> debug1: identity file /home/eviluser/.ssh/id_rsa.stable type 1

correct

> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /home/eviluser/.ssh/id_rsa.stable

key was offered but probably not accepted.

Does this work?

ssh -i /home/eviluser/.ssh/id_rsa.stable x86-64-6cn-v1.xxxx.microsoft.com

Note You need to log in before you can comment on or make changes to this bug.