Currently, the Host configuration directive in ssh_config restricts only to hosts following the keyword "HOST". It supports wildcard patterns '*' and '?'. This is an enhancement request to make it support subnets as well.
I'd like to see this but it is tricky. The problem with allowing IP address matching in ssh_config is that we don't know the address that we will be connecting to when we parse the file unless the user has happened to directly specify an IP address instead of a domain name. We need to pass through the config file prior to address resolution because a Hostname directive may remap the actual target that we are connecting to. A solution to this is to make a second pass through the config file once we have resolved the address. Unfortunately, this is complex - a hostname might resolve to multiple addresses, each of which might set different, even contradictory, options. Worse, we can't just save and restore client options easily since there is a fair bit of linked state so we would need to solve this first.
This might well turn out to be too confusing to deploy, but I'll try to take a look at it this release.
Retarget unresolved bugs/features to 6.0 release
Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't)
Retarget from 6.0 to 6.1
Retarget 6.0 => 6.1
Retarget uncompleted bugs from 6.1 => 6.2
Retarget bugs from 6.1 => 6.2
Perhaps this could be simplified by adding a new keyword, such as Address, that would function similarly to the Host keyword, except that it would match against the IP address of the remote host. To avoid having to parse the configuration twice, we could stipulate that the first Address section triggers an address lookup and that subsequent HostName options would have no effect on the address that ssh would connect to. We could also recommend that all Host sections occur before any Address sections. However, there could still be issues if an Address section appears in the user's configuration file and there is a relevant Host section in the system-wide file. This approach has the advantage that existing configurations would be unaffected; even those that have explicit IP addresses on Host lines.
retarget to openssh-6.3
Retarget to openssh-6.4
Retarget 6.3 -> 6.4
This won't be in the 6.4 release. I'd like to implement this one day, but it is a lot of very fiddly work to get right.
Created attachment 2409: ssh config for local subnets
Created attachment 2410: python script to test local ip
Created attachment 2411: debug data with the proposed config
To have subnet matching would be great, but we can from 6.4 use the match directive; look at the attachments for an example to change the ciphers for a quicker and less secure cipher when on a local subnet.
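An illustration of the `Match exec` approach mentioned in the comment above, added here and not the contents of attachment 2410: a helper that succeeds only if every address the host resolves to lies inside one of the given subnets, which avoids the multiple-address ambiguity raised earlier in this thread. The script path and the subnet shown in the docstring are assumptions.

```python
#!/usr/bin/env python3
"""Exit 0 only if every address a host resolves to lies in an allowed subnet.

Added illustration for ssh_config (hypothetical path and subnet):
    Match exec "/usr/local/bin/in_subnet.py %h 192.168.1.0/24"
"""
import ipaddress
import socket
import sys


def resolve(host):
    """Return the set of IP addresses for host (no lookup for IP literals)."""
    try:
        return {ipaddress.ip_address(host)}
    except ValueError:
        pass
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    # Strip any IPv6 zone id ("fe80::1%eth0") before parsing.
    return {ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos}


def all_in_subnets(addresses, cidrs):
    """True if addresses is non-empty and each one falls in some CIDR."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return bool(addresses) and all(
        any(a.version == n.version and a in n for n in nets) for a in addresses
    )


def main(argv):
    if len(argv) < 3:
        print("usage: in_subnet.py HOST CIDR [CIDR ...]", file=sys.stderr)
        return 2
    try:
        ok = all_in_subnets(resolve(argv[1]), argv[2:])
    except (socket.gaierror, ValueError):
        return 1  # unresolvable host or malformed CIDR: do not match
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

ssh resolves the name again when it connects, so the check and the connection can see different addresses if the DNS answer changes between them.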
*** Bug 2645 has been marked as a duplicate of this bug. ***