Subject: openssh client behavior with default local config file vs using "ssh -F ~/.ssh/config.other"
From: D Youatt
Newsgroups: comp.security.ssh
Date: Tue, 17 Mar 2020 16:21 UTC
Message-ID: <0428549b-8a99-4a9d-9da4-b2c1d8e74633@googlegroups.com>
I'm using openssh (client) on Ubuntu bionic.
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017


and have a local ~/.ssh/config.other file with hosts defined to proxy through a bastion host.  It looks like:

# Copied from /etc/ssh/ssh_config
Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

UserKnownHostsFile ~/.ssh/my_known_hosts

Host my.bastion my-aws1
  IdentityFile ~/.ssh/mypk
  Port 12345
  User auser
  # bastion host uses IP addr
  Hostname NN.MM.PP.QQ

Host my.primary my-aws1-primary
  IdentityFile ~/.ssh/mypk
  Port 22
  User auser
  Hostname my.host.name
  ProxyCommand ssh -A -q my.bastion -W %h:%p

Both the bastion host and destination host are recent Amazon Linux default installations.



If the config file with the contents above is in ~/.ssh/config, and I just "ssh my.primary" it happily connects and logs in.

If the config file is ~/.ssh/config.other and I use "ssh -F ~/.ssh/config.other my.primary", it fails with


bash> ssh -vvv -F ~/.ssh/config.support my.primary
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /home/me/.ssh/config.support
debug1: /home/me/.ssh/config.support line 1: Applying options for *
debug1: /home/me/.ssh/config.support line 20: Applying options for my.primary
debug1: Executing proxy command: exec ssh -A -q my.bastion -W my.host.name:22
debug1: permanently_drop_suid: 1000
debug1: identity file /home/me/.ssh/CrunchySupport type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/me/.ssh/CrunchySupport-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
ssh_exchange_identification: Connection closed by remote host


Why the difference using "ssh -F ~/.ssh/config.other ..."?
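
An added example, not part of the original post: the -vvv output above shows the proxy command running as "ssh -A -q my.bastion -W ..." with no -F, and that inner ssh is a separate process that reads the default configuration files, not the file passed to the outer ssh. The Python sketch below flags such ProxyCommand lines in a config file; the sample config is constructed from the post with a placeholder address, and the function names are hypothetical.

```python
import shlex

# Constructed sample modelled on the post's config; 192.0.2.10 is a placeholder.
SAMPLE = """\
Host *
    HashKnownHosts yes

Host my.bastion my-aws1
  Port 12345
  Hostname 192.0.2.10

Host my.primary my-aws1-primary
  Hostname my.host.name
  ProxyCommand ssh -A -q my.bastion -W %h:%p
"""

def parse(text):
    """Return (aliases, proxies): Host patterns, and (line number, argv) per ProxyCommand."""
    aliases, proxies = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        # Assumption: whitespace-separated "Keyword value" lines only (no "Keyword=value").
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            aliases.update(value.split())
        elif key == "proxycommand":
            proxies.append((lineno, shlex.split(value)))
    return aliases, proxies

def nested_ssh_without_config(text):
    """Flag ProxyCommand lines whose inner ssh has no -F but names a Host alias from this file."""
    aliases, proxies = parse(text)
    findings = []
    for lineno, argv in proxies:
        if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
            continue  # proxy command is not ssh (e.g. nc); nothing to check
        if any(arg.startswith("-F") for arg in argv[1:]):
            continue  # inner ssh is told which config file to read
        used = [arg for arg in argv[1:] if arg in aliases]
        if used:
            findings.append((lineno, used))
    return findings

if __name__ == "__main__":
    for lineno, used in nested_ssh_without_config(SAMPLE):
        print(f"line {lineno}: inner ssh has no -F; {used} resolve only via the default config")
```

Passing the same file to the inner command with -F makes both ssh processes read one configuration, and the check then reports nothing for that line.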



