Hello, It seems that the User directive isn't resolved correctly inside a Host anymore. Example below - note ssh is using matthewfl not matt.fleming as configured. This was working fine with a previous version. It works correctly if the top level User is removed. # ~/.ssh/config # https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt UseRoaming no Compression yes User matthewfl Host aws-bastion User matt.fleming Hostname 54.252.158.21 Host dev-* User matt.fleming ProxyJump matt.fleming@54.252.158.21 Host dev-ssw HostName 172.22.5.60 User matt.fleming ❰matthew❙~/.ssh❱✔≻ ssh dev-ssw matthewfl@172.22.5.60: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). ❰matthew❙~/.ssh❱✘≻ ssh aws-bastion matthewfl@54.252.158.21: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
This is how it's always worked: first match for a specifc keyword wins. Quoting ssh_config(5): For each parameter, the first obtained value will be used. The configu- ration files contain sections separated by Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. If you want to override User, put it at the top of the file. If you want to provide a default User, put it at the bottom of the file.
OpenSSH 9.3 has been released. Close resolved bugs