Using either OpenSSH_7.9p1 or OpenSSH_9.0p1 installed via Homebrew on MacOS X 10.14 (Mojave) I'm trying to connect to a host that has A and AAAA DNS records, where the AAAA is wrong (not under my control). When connecting, IPv6 is tried, then after a timeout is reached, IP4 connects just fine. Using the `ssh -4 host` argument, the connection uses v4 right away, as expected. So, being lazy, I decided to set `AddressFamily inet` in my .ssh/config. To my surprise, this has no effect. SSH tries a v6 connection, then falls back to v4, as if the option were not set. It is, though. Verifying with `ssh -G host`, I get the expected `addressfamily inet` line. The output is not a bit different from the one I get from `ssh -4 -G host`. Am I expecting or doing something wrong? Hesitating to file a bug, stumbled upon unexpected but technically not wrong behaviour a few times lately.
I'm not able to replicate this unfortunately. Please attach the debug output from a session failing to do the right thing (`ssh -vvv ...`).
Created attachment 3669: conffile + verbose output. Reduced the config to only the most relevant stuff.
Huh, found it. Because of canonicalization, the hostname is resolved before its canonical form is parsed in the config. This lookup must be cached and not resolve both A and AAAA records for later decision which of both to use.
Just checked, the lookup is for both (A and AAAA) records. Anyways, the IP4/IP6 decision is made too early. AddressFamily is not used like -G output suggests. Changing "Host lazy.actual-domain.redacted" to "Host lazy lazy.actual-domain.redacted" does the trick for now. It's still a bug, though. I can picture myself wanting to force v4/v6 upon a whole CanonicalDomain and not create a Host matching for each host :) This makes me think about -W and things like LocalForward or ProxyCommand. This will be a *mess* once my company finally decides to go IPv6.
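
Added example (not part of the original thread and not the reporter's attached config): the workaround from the last comment written out as an ssh_config fragment. The `CanonicalizeHostname` and `CanonicalDomains` lines are assumptions, since the attachment is not reproduced on this page; the host names are the redacted ones quoted in the comment.

```conf
# Assumed canonicalization settings (the attached config is not shown here).
CanonicalizeHostname yes
CanonicalDomains actual-domain.redacted

# Before: this block matches only the canonical name. Per the thread, the
# name typed on the command line ("lazy") is resolved during
# canonicalization, before this block is applied, so both A and AAAA
# records are looked up and IPv6 is tried first.
#
# Host lazy.actual-domain.redacted
#     AddressFamily inet

# After (the reporter's workaround): list the short name as well, so the
# block already matches when "ssh lazy" is parsed the first time and
# AddressFamily is set before the lookup happens.
Host lazy lazy.actual-domain.redacted
    AddressFamily inet
```

As the first comment notes, `ssh -G lazy` prints `addressfamily inet` for both variants, so comparing `ssh -vvv lazy` output is the way to confirm which address family is actually attempted.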