Joerg Ruhe wrote:
> I have a problem with the order in which openssh reads and applies the client configuration files (openssh 2.9.9p2, SuSE 7.3).

You are right. This has been a bug for at least half a year in all SuSE's OpenSSH update versions. I have filed it as a bug in SuSE's bugzilla in January and have been keeping it open since. (For anyone with read access it is bug #12846.)

It is very easy to check. Take two minimal configuration files:

ivory:~ > cat /etc/ssh/ssh_config
Host *
Port 222
ivory:~ > cat .ssh/config
Host www.suse.de
Port 999

And now connect to www.suse.de. You will see that the wrong port is used.

ivory:~ > ssh -v www.suse.de
OpenSSH_2.9.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Reading configuration data /home/kivory/.ssh/config
debug1: Applying options for www.suse.de
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to www.suse.de [213.95.15.200] port 222.

This is definitely not what the documentation says (which makes it a bug). The first few lines of a default /etc/ssh/sshd_config say:

*** begin part of /etc/ssh/ssh_config
# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
*** end part of /etc/ssh/ssh_config

I noticed this behavior with the parameters Port and Protocol. Possibly others are affected. I have not checked with the original OpenSSH Linux port from openssh.org, but I know this behavior was different (= as documented) before SuSE's version 2.9.1.

Kevin
-- 
  _                |  Kevin Ivory          |  Tel: +49-551-37000041
 |_     |\ |       |  Service Network GmbH |  Fax: +49-551-3700009
 ._|ER  | \|ET     |  Bahnhofsallee 1b     |  mailto:Ivory@SerNet.de
 Service Network   |  37081 Goettingen     |  http://www.SerNet.de/
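
The check described in the message above, as an added example that is not part of the original mail or of OpenSSH: a small model of the documented "first value wins" rule, compared against the port reported in the `ssh -v` output. The function names (`host_matches`, `options`, `resolve`, `diagnose`) are hypothetical, and the parser assumes only `Host` blocks with `*` and `?` wildcards.

```python
import re

# The two minimal files and the last `ssh -v` line, copied from the message above.
SYSTEM_CONFIG = "Host *\nPort 222\n"
USER_CONFIG = "Host www.suse.de\nPort 999\n"
DEBUG_LOG = "debug1: Connecting to www.suse.de [213.95.15.200] port 222.\n"

def host_matches(pattern, host):
    # Host patterns: '*' matches any run of characters, '?' exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host) is not None

def options(text):
    """Yield (host_patterns, keyword, value) for every option line in one file."""
    patterns = ["*"]  # options before the first Host line apply to all hosts
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue  # keyword without a value: ignored in this model
        if parts[0].lower() == "host":
            patterns = parts[1].split()
        else:
            yield patterns, parts[0].lower(), parts[1]

def resolve(host, files):
    """Apply files in the given order; a value is only set the first time it is seen."""
    effective = {}
    for text in files:
        for patterns, keyword, value in options(text):
            if any(host_matches(p, host) for p in patterns):
                effective.setdefault(keyword, value)
    return effective

def diagnose(host, user_cfg, system_cfg, debug_log):
    """Compare the port ssh actually used with the documented precedence."""
    documented = resolve(host, [user_cfg, system_cfg]).get("port", "22")
    swapped = resolve(host, [system_cfg, user_cfg]).get("port", "22")
    m = re.search(r"Connecting to \S+ \[[^\]]+\] port (\d+)", debug_log)
    observed = m.group(1) if m else None
    if observed == documented:
        verdict = "as documented"
    elif observed == swapped:
        verdict = "system-wide file applied before user file"
    else:
        verdict = "unexplained"
    return {"documented": documented, "observed": observed, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose("www.suse.de", USER_CONFIG, SYSTEM_CONFIG, DEBUG_LOG))
```

The same comparison applies to `Protocol`, the other keyword named in the message, by reading that key from `resolve()` instead of `port`.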