https://bugzilla.mindrot.org/show_bug.cgi?id=3555
Damien Miller <d...@mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED
                 CC|                            |d...@mindrot.org

--- Comment #1 from Damien Miller <d...@mindrot.org> ---
This is working as intended.

When hostname canonicalisation is enabled, the configuration is parsed twice. An initial pass to collect options and then a second pass after the hostnames are finalised.

Most configuration options operate as "first match wins".

So what's happening here is that, on the first pass, the "Host *" block is being parsed and the ForwardAgent option is being set to "no". On the subsequent pass, the ForwardAgent directive in the "Match canonical" block is ignored because it's already set.

You can avoid this by only setting the fallback ForwardAgent on the final pass, e.g.

----
Host bastion
    ProxyJump none

Match canonical
    ProxyJump bastion
    ForwardAgent yes

Match all
    CanonicalizeHostname always
    CanonicalDomains mydomain.co.uk
    CanonicalizeMaxDots 0
    CanonicalizeFallbackLocal yes

Match canonical all
    ForwardAgent no
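The two-pass, first-match-wins behaviour described in the comment, as an added example (a simplified model written for this page, not OpenSSH code and not part of the original mail). Assumptions: only the `canonical` and `all` Match criteria are modelled, Host patterns are matched against the name as typed, the `BEFORE` config is constructed from the description above, and `web1` is a constructed host name.

```python
from fnmatch import fnmatch

# Constructed "before" config reproducing the behaviour the comment describes.
BEFORE = """
Match canonical
    ForwardAgent yes
Host *
    CanonicalizeHostname always
    ForwardAgent no
"""

# The configuration suggested in the comment.
AFTER = """
Host bastion
    ProxyJump none
Match canonical
    ProxyJump bastion
    ForwardAgent yes
Match all
    CanonicalizeHostname always
    CanonicalDomains mydomain.co.uk
    CanonicalizeMaxDots 0
    CanonicalizeFallbackLocal yes
Match canonical all
    ForwardAgent no
"""

def block_matches(kind, args, host, final_pass):
    if kind == "host":
        return any(fnmatch(host, pat) for pat in args)
    # Match block: "canonical" is true only on the pass after canonicalisation.
    return all(final_pass if a == "canonical" else a == "all" for a in args)

def one_pass(text, host, opts, final_pass):
    active = True  # lines before any Host/Match block apply to every host
    for words in (l.split() for l in text.splitlines() if l.strip()):
        key, args = words[0].lower(), words[1:]
        if key in ("host", "match"):
            active = block_matches(key, [a.lower() for a in args], host, final_pass)
        elif active:
            opts.setdefault(key, " ".join(args))  # first value obtained wins

def effective(text, host):
    opts = {}
    one_pass(text, host, opts, final_pass=False)
    if opts.get("canonicalizehostname", "no") != "no":
        one_pass(text, host, opts, final_pass=True)  # same opts: pass-1 values stick
    return opts
```

On a real client, `ssh -G <host>` prints the options OpenSSH actually resolves for that host, which is the authoritative check for a ForwardAgent setting.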