Strange anomaly in ~/.ssh/config


#1

I recently discovered some very useful and productive features in OpenSSH 7.3 and later…

“Include” files! Awesome! Wow!
Much simpler ProxyJump settings…

However :cry: they break (stop it working) OpenSSH 7.2 and earlier clients… :cry:

So I have to have “special” configs for machines with old SSH clients (e.g. Ubuntu 16.04.5 seems to be stuck on OpenSSH_7.2p2), I can live with this as a workaround. On everything else, my ~/.ssh/config is actually a symlink to a file I keep sync’d via Resilio Sync, and I’ve broken it up into more manageable files, a “master” config, with include entries for my home network, and a couple of customers…

However - just this morning I came across an ugly “anomaly” on an Ubuntu 18.10 laptop I keep at work… Try to SSH to anything by an “alias / nickname” entry in my ~/.ssh/config file - and it comes back “temporary failure in name resolution”… e.g. my Resilio Sync box that travels to work and home again with me :
ssh ffrwchnedd (it’s a BananaPi running Armbian 5.7/Bionic Beaver - ffrwchnedd is Welsh for banana) and I get “temporary failure in name resolution”… the entry in my ssh config file :

Host ffrwchnedd ffrwchnedd.local bananapi ffrwchledd
Hostname ffrwchnedd.local
# Resilio Sync portable thing
User x

But I can “ssh x@ffrwchnedd.local” successfully (using avahi name resolution).

And same issue when trying to connect to one of my customer’s jumphost/gateways :

Host jumphost
Hostname x.x.x.x
User >redacted<

I cannot “ssh jumphost” - I get “temporary failure in name resolution”. I’m not actually even trying to lookup the machine by host - I have the IP address in my SSH client configs! To compare I can do “ssh >redacted<@x.x.x.x” (i.e. IP address of the jumphost).

I tweaked my /etc/nsswitch.conf a bit to no avail - rebooted twice - no avail…

Then I grabbed my ~/.ssh/config file and appended the three “include” files into it (using “cat” - what it was made for, i.e. conCATenating text), removed the “include” directives - and it’s all working again… bizarre!

Here’s my “old” ~/.ssh/config with includes :

Host *
ServerAliveInterval 300
ServerAliveCountMax 2

Host wktenrji
Hostname xx.xx.xx.xx
User x

Include ~/bin/configs/home
Include ~/bin/configs/customer1
Include ~/bin/configs/customer2

I did “cat config home customer1 customer2 > ~/.ssh/new_config”, removed those “Include” lines - and it’s all working again - I don’t get it!

I connected to my home network from here - tested the “same” (i.e. w/ “Include” entries) on a couple of Ubuntu 18.04 machines and they’re all “working”…


#2

Probably not a solution to solve all your problems, but I am posting this anyway, because it is the first thing that came to my mind reading your post, that reminded me of the same situation, where I could only connect with IP or by appending .local to the hostname. I remember editing the hosts file similar or as described in the answers, after I had a lot of trouble connecting through hostnames. Then, it somehow started to work on all machines, maybe because of an SSH server patch, or something, because I didn’t apply this fix to all machines. Well, maybe it can give you at least a temporary workaround of some sorts.


#3

Heya mate - thanks for the suggestion - however : I’ve “grown out” of putting stuff in /etc/hosts… then having to change it if I get a different DHCP lease… on my home wifi/router DHCP I do set dedicated leases - but even that’s a bit of PITA - just easier to go dynamic and rely on bonjour/zeroconf/avahi…

At home (and sometimes at work - e.g. between my Ubuntu laptop and BananaPi over ethernet) - I rely pretty much on avahi to do name resolution… it all just seems to work (in Debian and Ubuntu anyway - had issues trying to get it to play nice in Red Hat “land” [CentOS, Fedora, OEL and RHEL] - but it doesn’t matter - 'cause I choose not to run any of those anyway, other than supporting them in my job in corporate environments with DNS)…

This ssh problem is nothing to do with name resolution (IMHO) - because when I get these “symptoms”

e.g. ssh CONFIG_ENTRY_ALIAS - it doesn’t work (where Hostname entry in ~/.ssh/home is either IP address, or “working” avahi hostname)

ssh ffrwchnedd (broken “ssh: Could not resolve hostname ffrwchnedd: Name or service not known”)
ping ffrwchnedd.local (working)
ssh user@ffrwchnedd.local (working)
http://ffrwchnedd.local:8888/ (working - webpage for configuring Resilio Sync)

there is no entry for ffrwchnedd or ffrwchnedd.local in my /etc/hosts…

Cheers anyway :smile:
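
An added example, not part of the original thread and not OpenSSH code: ssh_config(5) documents that an Include placed inside a Host or Match block is a conditional inclusion, so the Include lines that follow “Host wktenrji” in the config from post #1 belong to that block. The Python check below flags such Includes; the function name and both sample configs are constructed for illustration.

```python
import re

# Constructed sample: same layout as the config with Include lines in post #1.
ORIGINAL = """\
Host *
ServerAliveInterval 300

Host wktenrji
Hostname xx.xx.xx.xx
User x

Include ~/bin/configs/home
Include ~/bin/configs/customer1
"""

# Constructed variant: Include lines moved above the first Host line.
REORDERED = """\
Include ~/bin/configs/home
Include ~/bin/configs/customer1

Host wktenrji
Hostname xx.xx.xx.xx
User x

Host *
ServerAliveInterval 300
"""

LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)$")  # "Keyword args" or "Keyword=args"

def conditional_includes(config_text):
    """Return (line_no, path, scope) for each Include inside a Host/Match block.
    Only the next Host or Match keyword ends a block; blank lines do not."""
    scope, findings = None, []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        m = LINE.match(raw.strip())
        if not m:  # blank line, comment, or keyword without arguments
            continue
        keyword, args = m.group(1).lower(), m.group(2).strip()
        if keyword in ("host", "match"):
            # "Host *" and "Match all" apply to every target: not conditional.
            always = (keyword, args.lower()) in (("host", "*"), ("match", "all"))
            scope = None if always else f"{m.group(1)} {args}"
        elif keyword == "include" and scope is not None:
            findings.append((line_no, args, scope))
    return findings

if __name__ == "__main__":
    print(conditional_includes(ORIGINAL))
```

On a client with OpenSSH 6.8 or later, “ssh -G ALIAS” prints the options the client actually resolves for an alias, which shows whether the Hostname from an included file was picked up.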