似乎以下内容会按预期工作,即具有与第一条规则匹配的主机名的第二条规则将应用它。
Host *.hostname.com
User myuser
IdentityFile ~/.ssh/myidentity
Host blah
HostName complicated.hostname.com
但是,键入ssh blah仅适用于第二个规则(而不是第一个的用户或身份文件)。
我有两个问题:
slm*_*slm 11
从ssh_config手册页:
对于每个参数,将使用第一个获得的值。配置文件包含由“主机”规范分隔的部分,该部分仅适用于与规范中给出的模式之一匹配的主机。匹配的主机名是命令行上给出的主机名。
由于使用了每个参数的第一个获取值,因此应在文件开头附近给出更多特定于主机的声明,并在末尾给出一般默认值。
此外,如果您不清楚 Host 和 PATTERNS 的功能,我会确保我理解这两个部分。只有 1 个级别的匹配正在进行。这个工具的正则表达式功能非常基础,但是一旦你掌握了它,它仍然很强大。
The possible keywords and their meanings are as follows (note that keywords
are case-insensitive and arguments are case-sensitive):
Host Restricts the following declarations (up to the next Host keyword)
to be only for those hosts that match one of the patterns given
after the keyword. If more than one pattern is provided, they
should be separated by whitespace. A single ‘*’ as a pattern can
be used to provide global defaults for all hosts. The host is the
hostname argument given on the command line (i.e. the name is not
converted to a canonicalized host name before matching).
A pattern entry may be negated by prefixing it with an exclamation
mark (‘!’). If a negated entry is matched, then the Host entry is
ignored, regardless of whether any other patterns on the line
match. Negated matches are therefore useful to provide exceptions
for wildcard matches.
See PATTERNS for more information on patterns.
A pattern consists of zero or more non-whitespace characters, ‘*’ (a
wildcard that matches zero or more characters), or ‘?’ (a wildcard that
matches exactly one character). For example, to specify a set of
declarations for any host in the “.co.uk” set of domains, the following
pattern could be used:
Host *.co.uk
The following pattern would match any host in the 192.168.0.[0-9] network
range:
Host 192.168.0.?
A pattern-list is a comma-separated list of patterns. Patterns within
pattern-lists may be negated by preceding them with an exclamation
mark (‘!’). For example, to allow a key to be used from anywhere within an
organisation except from the “dialup” pool, the following entry
(in authorized_keys) could be used:
from="!*.dialup.example.com,*.example.com"
您的方法的问题在于,与第一个主机部分匹配的模式与第二个主机部分不匹配。我通常做这样的事情:
Host *
User myuser
IdentityFile ~/.ssh/myidentity
Host blah
HostName complicated.hostname.com
人们通常不会接受这些规则的一件事是他们可以重复。所以我经常做的是有多个部分,我使用Host *'s将它们分开。
Host *
User user1
Host blah1
HostName complicated1.hostname.com
Host blah2
HostName complicated2.hostname.com
Host *
User user2
SSH 应用与命令行上提供的主机名匹配的所有部分(即HostName它遇到的规则不影响后续条件检查)。如果CanonicalizeHostname启用,它将在完成后使用更新的主机名再次重新应用配置文件。(某些 SSH 版本不管怎样都这样做了,CanonicalizeHostname并且您的示例适用于这些版本;但 SSH 开发人员认为这是一个错误。请参阅#2267。)
这意味着您可以CanonicalizeHostname通过添加来使您的示例工作
Host *
CanonicalizeHostname yes
CanonicalizeFallbackLocal no
这不会进行任何规范化,但可以使用更新的主机名进行第二次传递。(请注意,它仍然不会使配置解析“递归”,只需重复一次。因此,如果您更改主机名两次,那将不起作用。)