Closed TheoTechnicguy closed 6 months ago
Hey, thanks for the support and the feedback !
It is true that at least the port should be get precedence when provided from the cli, so if you're up to do a PR for handling the port, it is very much appreciated. :smile:
For the HostName, I am not totally sure where the 0.0.0.0
comes from in your example, as I can't see it in your config.
When doing a test on OpenSSH version 9.3p1
with the following config:
Host *
HostName 127.0.0.2
Port 3333
, with the following command I obtain:
user@localhost:~$ ssh -v user@127.0.0.1 -p 2222
OpenSSH_9.3p1, OpenSSL 3.1.1 30 May 2023
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to 127.0.0.2 [127.0.0.2] port 2222.
debug1: connect to address 127.0.0.2 port 2222: Connection refused
ssh: connect to host 127.0.0.2 port 2222: Connection refused
It tries to connect to port 2222 given in the CLI but on host 127.0.0.2 provided in the config. So it looks the CLI takes precedence for the port, but not the hostname (which makes sense to me in this case).
So it seems we only need to update the precedence for the port, do you agree ?
Sorry for the omitted Hostname
configuration value. I played around while writing the issue and have forgotten to include that.
I have tested the hostname precedence, and get the same behaviour using 9.5p1
. Although the man page does not exempt this behaviour from the standard priority, I am guessing that it would be difficult to prioritize CLI hosts that do not match any canonicalized hostnames but still are FQDNs or IP addresses.
Thank you for your input, I will consider all of this in my PR!
:wave: ! Let me start with saying that I absolutely :heart: the idea! I currently use OIDC to create SSH certificates, which works, but requires external helpers. I think it would be great to streamline the authentication process!
The bug
I found that the client prefers the configuration from the file over the CLI host/port.
My
~/.ssh/config
For me, this qualifies as a bug because, even though my default hostname is
0.0.0.0
and port is9922
, not all run on this port (most, actually, don't). If host127.0.0.1
(or port22
) is specified, I actually want to connect to127.0.0.1
. I would find it cumbersome to have to change the configuration file every time I want to connect to a server with a different hostname/port. Granted, it is unusual to have a default hostname, but having a default custom port is not, Imo.Using the CLI arguments is actually the behaviour of OpenSSH-client (see
man 5 ssh_config
).My solution
I would change the variable setting to first consider the hostname/IP/port/... from the CLI and fill the missing fields from the configuration files.
I believe it is enough to swap lines 413 and 415 in
cli/client/main.go
for the hostnameand 420/422 for the port.
This works on my machine(tm).
As this repository does not have any guidelines on contributing, I am rasing this issue. If you advise me on how I should contribute, I would be happy to help out ^-^