1

I have two platforms with many servers I want to connect to via ssh.

I have in resolv.conf

search domain1.net domain2.org

So I only have the machine name to type for ssh.

I want to have an ssh config per domain:

  • user admin for every machine of domain1.net
  • user root for every machine of domain2.org

How can I achieve that?

The Host and Hostname directives seem to only work with what you type in the ssh command, not what is expanded with DNS suffixes.

exeral
  • I don't think this is going to be possible without some significant code changes. Handling of `search` is done in a library and the `ssh` code doesn't see the full name at any point. – kasperd Aug 02 '18 at 08:11

4 Answers

1

I believe OpenSSH CAN do canonicalization. Please have a look at the following options in ssh_config man page:

  • CanonicalizeHostname
  • CanonicalizeFallbackLocal
  • CanonicalizeMaxDots
  • CanonicalizePermittedCNAMEs
  • Host
  • Match with canonical option

Please note, this may require newer OpenSSH version than the one you have (I have 7.4p1).

Tomek
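
A configuration built from the options listed in the answer above, as an added example that is not part of the original answer. It assumes the two domains from the question's resolv.conf and additionally uses CanonicalDomains, an ssh_config option the answer does not list.

```sshconfig
# ~/.ssh/config (added example; domain names taken from the question)

# Let ssh itself expand short names instead of leaving it to the resolver.
CanonicalizeHostname yes
# Suffixes are tried in this order; the first one in which the name
# resolves wins, so a short name present in both domains maps to domain1.net.
CanonicalDomains domain1.net domain2.org
# Only names without any dot are expanded; names that already contain
# a dot are looked up as typed.
CanonicalizeMaxDots 0
# yes (the default): a name found in neither domain is still looked up
# through the system resolver. Set to "no" to make ssh fail instead.
CanonicalizeFallbackLocal yes

# After canonicalization ssh re-parses this file with the full name,
# so these patterns match although only the short name was typed.
Host *.domain1.net
    User admin

Host *.domain2.org
    User root
```

Running `ssh -G server1` (server1 is a constructed host name) prints the options ssh would use, including `user` and `hostname`, without connecting. Host keys are then recorded in known_hosts under the full name rather than the ambiguous short one.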
0

Another approach that could come in handy to others uses (relatively) new ssh_config features that allow for include files, and the include can even be conditional.

I'm just going to share an obfuscated example from my config that tests that if

  • my phone is connected over USB and
  • I don't have another network connection (I don't have a default route)

Then it will include another file that routes some ssh things through my phone:

Match exec "[ -e /dev/serial/by-id/usb-SAMSUNG_SAMSUNG_Android_XXXXXXXX-if01 ] && ! ip route| grep -q ^default"
    Include blahblah_termux.ssh

You should be able to have a ~/.ssh/domain1.ssh & ~/.ssh/domain2.ssh and include those based on a Match test (your test would obviously be customized)

nhed
0

As kasperd said, this is not really possible.

Some workarounds:

  • I just use some small shell variables to expand $e to example.org for things I don't access so often. Others are listed in ~/.ssh/config anyway with a short name. You use it like so:

    ssh www.$e 
    

    With this, you can use the standard ~/.ssh/config method.

  • Another option: Write a small wrapper script or shell function for ssh that catches the hostname and expands it, something like this:

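    #!/bin/bash
    # Expand the short name via the search list; keep only the first answer line
    hn=$(host "$1" | head -n 1 | cut -d ' ' -f 1)
    shift
    # Quote the name and pass any remaining arguments through to ssh
    ssh "$hn" "$@"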
    

    If you call it with sshwrapper.sh www, it will expand www to www.example.org and use this for ssh.

Sven
0

Backing up what @sven said, a tiny bash function can do the same:

ssh() {
    # Expand the short name using the search order, then call the real ssh
    local h
    h=$(host "$1" | head -n 1 | cut -d ' ' -f 1)
    shift
    command ssh "$h" "$@"
}

Put this somewhere in one of your sourced files, e.g. .profile, and it's always fixing up the name from the search order in /etc/resolv.conf.