SSH – Could Not Resolve Hostname with ~/.ssh/config and Aliases

linux-networkingssh

I have a config file ~/.ssh/config that looks something like this:

Host *.texas
  User john

Host *.texas !gateway.texas
  HostName %h.unitedstates.com
  ProxyJump gateway.texas

Host gateway.texas
  HostName ssh.texas.unitedstates.com

Host dallas austin
  HostName %h.texas
  RemoteCommand zsh -l

In summary, I expect that ssh dallas resolves to something like ssh -J ssh.texas.unitedstates.com john@dallas.texas.unitedstates.com zsh -l while ssh houston.texas resolves to ssh -J john@ssh.texas.unitedstates.com john@houston.texas.unitedstates.com. The second example works as expected but not the first one (unresolved hostname). I suspect that it has something to do with the %h.texas which should in turn be resolved as %h.unitedstates.com

Could anyone help?

Thanks!

Best Answer

As mentioned in the comments, by default recursive hostname resolution is not possible, but several options can help, including Match and CanonicalDomains/CanonicalHostName. In the end, I turned the problem around with something like this:

CanonicalDomains texas.unitedstates.com
CanonicalizeFallbackLocal no
CanonicalizeHostname yes

Host *.texas.unitedstates.com
  User john
  IdentityFile ~/.ssh/texas

Host *.texas.unitedstates.com !ssh.texas.unitedstates.com
  HostName %h
  ProxyJump ssh.texas.unitedstates.com

Host dallas austin
  HostName %h.texas.unitedstates.com
  RequestTTY yes
  RemoteCommand tmux new -As remote

More information on Canonicalization and on Match.

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

SSH – Bad Owner or Permissions on ~/.ssh/config

I needed to have rw for user only permissions on config. This fixed it.

chmod 600 ~/.ssh/config

As others have noted below, it could be the file owner. (upvote them!)

chown $USER ~/.ssh/config

If your whole folder has invalid permissions here's a table of possible permissions:

Path	Permission
.ssh directory (code)	0700 (drwx------)
private keys (ex: `id_rsa`) (code)	0600 (-rw-------)
`config`	0600 (-rw-------)
public keys (*.pub ex: `id_rsa.pub`)	0644 (-rw-r--r--)
`authorized_keys` (code)	0644 (-rw-r--r--)
`known_hosts`	0644 (-rw-r--r--)

Sources:

openssh check-perm.c
openssh readconf.c
openssh ssh_user_config fix_authorized_keys_perms

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

SSH – Bad Owner or Permissions on ~/.ssh/config

Related Topic