I use Juniper Networks network connect to connect to the office network. Once i am inside the office network, i check the server ips and add entries for them in /etc/hosts file like, 10.199.xx.yy offi When i come out of the VPN network into public domain, network connect resets all changes it made and brings my /etc/hosts file to the state it was in before entering the network. I think, this behaviour is Juniper Network connect's expected behaviour as it adds an entry on the top of the hosts file as, # BEGIN hosts added by Network Connect 61.xx.yy.zz vpn.ip.com # END hosts added by Network Connect But in trying to reset its own entries, network connect reset the user made entries as well.. I tried to make /etc/hosts as immutable using chattr +i /etc/hosts but that caused my vpn login to fail as network connect comes out, if it fails to write into /etc/hosts

I can browse my server site using ip:8080 which is inside my home network.But I am not able to browse using hostname:8080 I do not have dns server. I have edited /etc/hosts file to include hostname and ip. I can ping using hostname. 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.16.2.12 apple.myserver.com 10.16.2.22 ball.myserver.com 10.16.2.20 cat.myserver.com 10.16.2.19 dog.myserver.com 10.16.2.18 elep.myserver.com Similar Issue Here .

Seems my hosts file (/etc/hosts) points to /nix/store/gds7bha3bx0a22pnzw93pgf0666anpyr-etc-hosts and is read only. How am I meant to modify this file?

I have an entry like this in /etc/hosts:

fe80::XXXX:XXff:feXX:XXXX%enp0s25 test-ipv6

This is a link-local address. I've masked out my MAC address (with the 7th most significant bit flipped) for this post. I can ping the address, but pinging test-ipv6 gives

ping: test-ipv6: Name or service not known

* Why doesn't it work? * Is there a different way to assign an IPv6 link-local address to a hostname? I'm using Arch Linux with kernel version 4.17.2. **EDIT:** this is mostly a duplicate of https://unix.stackexchange.com/questions/174767/ipv6-zone-id-in-etc-hosts .

Been googling this but found very ambiguous answers and I'm curious if I should modify these values, my VPS hosts file looks like this:

127.0.0.1	localhost
127.0.1.1	debian
144.17.4.xx	porter.info		porter
...

Everything works fine but I'm curious about the "127.0.1.1 debian" part, should I keep it or rename it?

I have kind of tricky situation. I have monitoring tool where all my hosts and their VM's (with IP's and so on) are listed. But what I need is to resolve on which host(need it's ip or hostname) this monitoring tool is because tool does not list itself. I know that the main point of virtualization is to not show that but maybe there is any way to get any info when connected to *VM* about it's ***host***?

I'm running a CentOS server (7.0) and I'd like to login via sshd as a user, not root. So I set PermitRootLogin no in the config file and su - after login. I've received lots of hacking activities and I decided to allow only one user to login via sshd. Since the username is not my real name or any common name, I think it would be good enough. Let's say it's 'hkbjhsqj'. I've tried both ways introduced on nixCraft: AllowUsers in sshd_config or pam_listfile.so in PAM . The only problem to me is that anyone else still has chances to type in passwords and that leaves records in /var/log/secure. I assume these actions consumes my server's resources to run password checking and other stuff. Let's say I try to login with the username 'admin': www$ ssh admin@0.0.0.0 admin@0.0.0.0's password: Permission denied, please try again. admin@0.0.0.0's password: Permission denied, please try again. admin@0.0.0.0's password: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). and in the secure log: Aug 8 08:28:40 www sshd: pam_unix(sshd:auth): check pass; user unknown Aug 8 08:28:40 www sshd: pam_listfile(sshd:auth): Refused user admin for service sshd Aug 8 08:28:43 www sshd: Failed password for invalid user admin from 192.168.0.1 port 52382 ssh2 Aug 8 08:28:47 www sshd: pam_unix(sshd:auth): check pass; user unknown Aug 8 08:28:47 www sshd: pam_listfile(sshd:auth): Refused user admin for service sshd Aug 8 08:28:50 www sshd: Failed password for invalid user admin from 192.168.0.1 port 52382 ssh2 Aug 8 08:28:52 www sshd: pam_unix(sshd:auth): check pass; user unknown Aug 8 08:28:52 www sshd: pam_listfile(sshd:auth): Refused user admin for service sshd Aug 8 08:28:55 www sshd: Failed password for invalid user admin from 192.168.0.1 port 52382 ssh2 Aug 8 08:28:55 www sshd: Connection closed by 192.168.0.1 [preauth] Aug 8 08:28:55 www sshd: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.1 While all this will not happen if I add the IP in /etc/hosts.deny: www$ ssh admin@0.0.0.0 ssh_exchange_identification: Connection closed by remote host and in the secure log: Aug 8 08:35:11 www sshd: refused connect from 192.168.0.1 (192.168.0.1) Aug 8 08:35:30 www sshd: refused connect from 192.168.0.1 (192.168.0.1) So my question would be, is there a way I can refuse all irrelevant users' ssh requests from anywhere without password checking, like I put them in the hosts.deny list? But at the same time I do need allow all ssh requests with the username 'hkbjhsqj' from anywhere and check the password then.

I use dnsmasq with "hosts" as a domains table provider. When I am trying to nslookup mole.mishland, it throws that: nslookup mole.mishland Server: 192.168.0.34 Address: 192.168.0.34#53 Name: mole.mishland Address: 192.168.0.34 ** server can't find mole.mishland: REFUSED But I can succesfully dig, ping this domain and telnet 53 port: ; > DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu > mole.mishland ;; global options: +cmd ;; Got answer: ;; ->>HEADERname queries for 192.168.3/24 to nameserver 10.1.2.3 #server=/3.168.192.in-addr.arpa/10.1.2.3 # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. #local=/localnet/ # Add domains which you want to force to an IP address here. # The example below send any host in double-click.net to a local # web-server. #address=/mole.mishland/192.168.0.34 # --address (and --server) work with IPv6 addresses too. #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83 # Add the IPs of all queries to yahoo.com, google.com, and their # subdomains to the vpn and search ipsets: #ipset=/yahoo.com/google.com/vpn,search # Add the IPs of all queries to yahoo.com, google.com, and their # subdomains to netfilters sets, which is equivalent to # 'nft add element ip test vpn { ... }; nft add element ip test search { ... }' #nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search # Use netfilters sets for both IPv4 and IPv6: # This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses. #nftset=/yahoo.com/4#ip#test#vpn4 #nftset=/yahoo.com/6#ip#test#vpn6 # You can control how dnsmasq talks to a server: this forces # queries to 10.1.2.3 to be routed via eth1 # server=10.1.2.3@eth1 # and this sets the source (ie local) address used to talk to # 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that # IP on the machine, obviously). # server=10.1.2.3@192.168.1.1#55 # If you want dnsmasq to change uid and gid to something other # than the default, edit the following lines. #user= #group= # If you want dnsmasq to listen for DHCP and DNS requests only on # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. interface=enp5s0 # Or you can specify which interface _not_ to listen on #except-interface= # Or which to listen on by address (remember to include 127.0.0.1 if # you use this.) listen-address=192.168.0.34, 127.0.0.1 # If you want dnsmasq to provide only DNS service on an interface, # configure it as shown above, and then use the following line to # disable DHCP and TFTP on it. #no-dhcp-interface= # On systems which support it, dnsmasq binds the wildcard address, # even when it is listening on only some interfaces. It then discards # requests that it shouldn't reply to. This has the advantage of # working even when interfaces come and go and change address. If you # want dnsmasq to really bind only the interfaces it is listening on, # uncomment this option. About the only time you may need this is when # running another nameserver on the same machine. bind-interfaces # If you don't want dnsmasq to read /etc/hosts, uncomment the # following line. #no-hosts # or if you want it to read another file, as well as /etc/hosts, use # this. #addn-hosts=/etc/banner_add_hosts # Set this (and domain: see below) if you want to have a domain # automatically added to simple names in a hosts-file. #expand-hosts # Set the domain for dnsmasq. this is optional, but if it is set, it # does the following things. # 1) Allows DHCP hosts to have fully qualified domain names, as long # as the domain part matches this setting. # 2) Sets the "domain" DHCP option thereby potentially setting the # domain of all systems configured by DHCP # 3) Provides the domain part for "expand-hosts" domain=mishland # Set a different domain for a particular subnet #domain=wireless.thekelleys.org.uk,192.168.2.0/24 # Same idea, but range rather then subnet #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200 # Uncomment this to enable the integrated DHCP server, you need # to supply the range of addresses available for lease and optionally # a lease time. If you have more than one network, you will need to # repeat this for each network on which you want to supply DHCP # service. #dhcp-range=192.168.0.50,192.168.0.150,12h # This is an example of a DHCP range where the netmask is given. This # is needed for networks we reach the dnsmasq DHCP server via a relay # agent. If you don't know what a DHCP relay agent is, you probably # don't need to worry about this. #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h # This is an example of a DHCP range which sets a tag, so that # some DHCP options may be set only for this network. #dhcp-range=set:red,192.168.0.50,192.168.0.150 # Use this DHCP range only when the tag "green" is set. #dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h # Specify a subnet which can't be used for dynamic address allocation, # is available for hosts with matching --dhcp-host lines. Note that # dhcp-host declarations will be ignored unless there is a dhcp-range # of some type for the subnet in question. # In this case the netmask is implied (it comes from the network # configuration on the machine running dnsmasq) it is possible to give # an explicit netmask instead. #dhcp-range=192.168.0.0,static # Enable DHCPv6. Note that the prefix-length does not need to be specified # and defaults to 64 if missing/ #dhcp-range=1234::2, 1234::500, 64, 12h # Do Router Advertisements, BUT NOT DHCP for this subnet. #dhcp-range=1234::, ra-only # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack # hosts. Use the DHCPv4 lease to derive the name, network segment and # MAC address and assume that the host will also have an # IPv6 address calculated using the SLAAC algorithm. #dhcp-range=1234::, ra-names # Do Router Advertisements, BUT NOT DHCP for this subnet. # Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.) #dhcp-range=1234::, ra-only, 48h # Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA # so that clients can use SLAAC addresses as well as DHCP ones. #dhcp-range=1234::2, 1234::500, slaac # Do Router Advertisements and stateless DHCP for this subnet. Clients will # not get addresses from DHCP, but they will get other configuration information. # They will use SLAAC for addresses. #dhcp-range=1234::, ra-stateless # Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses # from DHCPv4 leases. #dhcp-range=1234::, ra-stateless, ra-names # Do router advertisements for all subnets where we're doing DHCPv6 # Unless overridden by ra-stateless, ra-names, et al, the router # advertisements will have the M and O bits set, so that the clients # get addresses and configuration from DHCPv6, and the A bit reset, so the # clients don't use SLAAC addresses. #enable-ra # Supply parameters for specified hosts using DHCP. There are lots # of valid alternatives, so we will give examples of each. Note that # IP addresses DO NOT have to be in the range given above, they just # need to be on the same network. The order of the parameters in these # do not matter, it's permissible to give name, address and MAC in any # order. # Always allocate the host with Ethernet address 11:22:33:44:55:66 # The IP address 192.168.0.60 #dhcp-host=11:22:33:44:55:66,192.168.0.60 # Always set the name of the host with hardware address # 11:22:33:44:55:66 to be "fred" #dhcp-host=11:22:33:44:55:66,fred # Always give the host with Ethernet address 11:22:33:44:55:66 # the name fred and IP address 192.168.0.60 and lease time 45 minutes #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m # Give a host with Ethernet address 11:22:33:44:55:66 or # 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume # that these two Ethernet interfaces will never be in use at the same # time, and give the IP address to the second, even if it is already # in use by the first. Useful for laptops with wired and wireless # addresses. #dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60 # Give the machine which says its name is "bert" IP address # 192.168.0.70 and an infinite lease #dhcp-host=bert,192.168.0.70,infinite # Always give the host with client identifier 01:02:02:04 # the IP address 192.168.0.60 #dhcp-host=id:01:02:02:04,192.168.0.60 # Always give the InfiniBand interface with hardware address # 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the # ip address 192.168.0.61. The client id is derived from the prefix # ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of # hex digits of the hardware address. #dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61 # Always give the host with client identifier "marjorie" # the IP address 192.168.0.60 #dhcp-host=id:marjorie,192.168.0.60 # Enable the address given for "judge" in /etc/hosts # to be given to a machine presenting the name "judge" when # it asks for a DHCP lease. #dhcp-host=judge # Never offer DHCP service to a machine whose Ethernet # address is 11:22:33:44:55:66 #dhcp-host=11:22:33:44:55:66,ignore # Ignore any client-id presented by the machine with Ethernet # address 11:22:33:44:55:66. This is useful to prevent a machine # being treated differently when running under different OS's or # between PXE boot and OS boot. #dhcp-host=11:22:33:44:55:66,id:* # Send extra options which are tagged as "red" to # the machine with Ethernet address 11:22:33:44:55:66 #dhcp-host=11:22:33:44:55:66,set:red # Send extra options which are tagged as "red" to # any machine with Ethernet address starting 11:22:33: #dhcp-host=11:22:33:*:*:*,set:red # Give a fixed IPv6 address and name to client with # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 # Note the MAC addresses CANNOT be used to identify DHCPv6 clients. # Note also that the [] around the IPv6 address are obligatory. #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] # Ignore any clients which are not specified in dhcp-host lines # or /etc/ethers. Equivalent to ISC "deny unknown-clients". # This relies on the special "known" tag which is set when # a host is matched. #dhcp-ignore=tag:!known # Send extra options which are tagged as "red" to any machine whose # DHCP vendorclass string includes the substring "Linux" #dhcp-vendorclass=set:red,Linux # Send extra options which are tagged as "red" to any machine one # of whose DHCP userclass strings includes the substring "accounts" #dhcp-userclass=set:red,accounts # Send extra options which are tagged as "red" to any machine whose # MAC address matches the pattern. #dhcp-mac=set:red,00:60:8C:*:*:* # If this line is uncommented, dnsmasq will read /etc/ethers and act # on the ethernet-address/IP pairs found there just as if they had # been given as --dhcp-host options. Useful if you keep # MAC-address/host mappings there for other purposes. #read-ethers # Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039. # In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit # option with a DHCPACK including a Rapid Commit option and fully committed address # and configuration information. This must only be enabled if either the server is # the only server for the subnet, or multiple servers are present and they each # commit a binding for all clients. #dhcp-rapid-commit # Run an executable when a DHCP lease is created or destroyed. # The arguments sent to the script are "add" or "del", # then the MAC address, the IP address and finally the hostname # if there is one. #dhcp-script=/bin/echo # Set the cachesize here. #cache-size=150 # If you want to disable negative caching, uncomment this. #no-negcache # Normally responses which come from /etc/hosts and the DHCP lease # file have Time-To-Live set as zero, which conventionally means # do not cache further. If you are happy to trade lower load on the # server for potentially stale date, you can set a time-to-live (in # seconds) here. #local-ttl= # If you want dnsmasq to detect attempts by Verisign to send queries # to unregistered .com and .net hosts to its sitefinder service and # have dnsmasq instead return the correct NXDOMAIN response, uncomment # this line. You can add similar lines to do the same for other # registries which have implemented wildcard A records. #bogus-nxdomain=64.94.110.11 # If you want to fix up DNS results from upstream servers, use the # alias option. This only works for IPv4. # This alias makes a result of 1.2.3.4 appear as 5.6.7.8 #alias=1.2.3.4,5.6.7.8 # and this maps 1.2.3.x to 5.6.7.x #alias=1.2.3.0,5.6.7.0,255.255.255.0 # and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40 #alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 # Change these lines if you want dnsmasq to serve MX records. # Return an MX record named "maildomain.com" with target # servermachine.com and preference 50 mx-host=mole.mishland,mole.mishland # Set the default target for MX records created using the localmx option. #mx-target=servermachine.com # Return an MX record pointing to the mx-target for all local # machines. #localmx # Return an MX record pointing to itself for all local machines. #selfmx # Change the following lines if you want dnsmasq to serve SRV # records. These are useful if you want to serve ldap requests for # Active Directory and other windows-originated DNS requests. # See RFC 2782. # You may add multiple srv-host lines. # The fields are ,,,, # If the domain part if missing from the name (so that is just has the # service and protocol sections) then the domain given by the domain= # config option is used. (Note that expand-hosts does not need to be # set for this to work.) # A SRV record sending LDAP for the example.com domain to # ldapserver.example.com port 389 #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 # A SRV record sending LDAP for the example.com domain to # ldapserver.example.com port 389 (using domain=) #domain=example.com #srv-host=_ldap._tcp,ldapserver.example.com,389 # Two SRV records for LDAP, each with different priorities #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 # A SRV record indicating that there is no LDAP server for the domain # example.com #srv-host=_ldap._tcp.example.com # The following line shows how to make dnsmasq serve an arbitrary PTR # record. This is useful for DNS-SD. (Note that the # domain-name expansion done for SRV records _does_not # occur for PTR records.) #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" # Change the following lines to enable dnsmasq to serve TXT records. # These are used for things like SPF and zeroconf. (Note that the # domain-name expansion done for SRV records _does_not # occur for TXT records.) #Example SPF. #txt-record=example.com,"v=spf1 a -all" #Example zeroconf #txt-record=_http._tcp.example.com,name=value,paper=A4 # Provide an alias for a "local" DNS name. Note that this _only_ works # for targets which are names from DHCP or /etc/hosts. Give host # "bert" another name, bertrand #cname=bertrand,bert # For debugging purposes, log each DNS query as it passes through # dnsmasq. #log-queries # Log lots of extra information about DHCP transactions. #log-dhcp # Include another lot of configuration options. #conf-file=/etc/dnsmasq.more.conf #conf-dir=/etc/dnsmasq.d # Include all the files in a directory except those ending in .bak #conf-dir=/etc/dnsmasq.d,.bak # Include all files in a directory which end in .conf #conf-dir=/etc/dnsmasq.d/,*.conf # If a DHCP client claims that its name is "wpad", ignore that. # This fixes a security hole. see CERT Vulnerability VU#598349 #dhcp-name-match=set:wpad-ignore,wpad #dhcp-ignore-names=tag:wpad-ignore My "hosts" file: 127.0.0.1 localhost 127.0.1.1 Torial-Server 192.168.0.34 mole.mishland # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 192.168.0.34 mole.mishland 192.168.0.34 mole.mishland My resolv.conf file: nameserver 192.168.0.34 nameserver 8.8.8.8

Trying to update host configuration file via command : $ sudo bash -c 'echo $(minikube ip) blue.io green.io >> /etc/hosts' Command was passed, but host configuration file /etc/hosts was not updated. If after command above, I pass the following command: $ sudo bash -c 'echo $(minikube ip) blue.io green.io | cat' The following message is returned: "Profile "minikube" not found. Run "minikube profile list" to view all profiles. 👉 To start a cluster, run: "minikube start" blue.io green.io. If I run command below: $ sudo nano /etc/hots I can see two times the following message at the bottom of the script: "Profile "minikube" not found. Run "minikube profile list" to view all profiles. 👉 To start a cluster, run: "minikube start" blue.io green.io. I resorted to updating file manually using nano command, by deleting message from above, and entering a line manually: xxx.xxx.99.100 blue.io green.io $ nano /etc/hosts I wonder why code sudo bash -c.... did not update configuration file as expected. Further information: - code is run on a ubuntu Linux VM with enabled nested virtualisation, - running a minikube cluster(kubernetes) - 2 configuration maps are setup to customise each of the webservers from a yaml file I read posts like [Webserver /etc/hosts file questions](https://unix.stackexchange.com/questions/710857/webserver-etc-hosts-file-questions) but I could not find the answer to my question.

I know that the hostname of the server should be listed in the /etc/hosts file.

198.51.100.1 server1.example.com server1

Do I also need to list every domain hosted on the server within the /etc/hosts file as well in the same format?

In /etc/hosts, I added the following line: github.com git.hub In chrome browser, when I enter the address git.hub it can't redirect to github.com, instead it does a search. In Linux terminal (e.g bash), when I enter cmd ping git.hub, it says git.hub: Name or service not known. In my /etc/nsswitch.conf, the hosts config is like this: hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname I suppose it means check the /etc/hosts first, then dns. So, why git.hub can't become an alias for github.com after my configuration. And, is there anyway to achieve that, without actually change the DNS record.

If I modify my /etc/hosts file from this: ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost to this: ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost 127.0.0.1 www.microsoft.com This will redirect any attempt to access www.microsoft.com to 127.0.0.1, effectively blocking access to www.microsoft.com. This works great. Now, instead of redirecting to localhost, I want to redirect to another website, for example, I want to change my /etc/hosts to look like: ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost www.google.com www.microsoft.com However, when I try to visit www.microsoft.com, it never redirects me to www.google.com. It just goes straight to www.microsoft.com and ignores what I did in /etc/hosts. Does anyone know how to fix this or how this can be achieved?

SSH is listening on all the available 10 Ethernet interfaces in my system. I have tested using nc 160.49.198.97 22 command in Linux. To allow only particular interface and block others, i have created hosts.deny and hosts.allow files in `/etc/ folder. Below is hosts.deny file sshd: ALL Below is hosts.allow file sshd: 160.49.198.97 Now along with 160.49.198.97, I need to add 160.49.198.185 and 160.49.198.199 also in hosts.allow file. How to add them? Should i separate IP's by comma? or by space ??

I wish to have this all done in the ssh config file for a specific user. The site has hard-coded ip addresses into there various software and using the naming convention is not really an option.

Host bast.aws1.prod
  HostName bastion.aws1.chaos.com
  User chaos

Host *.aws1.prod
  User chaos
  Proxycommand ssh bast.aws1.prod -W 192.168.10.echo %h | cut -d. -f1:%p

Host bast.aws2.prod
  HostName bastion.aws2.chaos.com
  User chaos

Host *.aws2.prod
  User chaos
  Proxycommand ssh bast.aws2.prod -W 192.168.12.echo %h | cut -d. -f1:%p

So if I run the following command: **ssh 169.aws2.prod** it should execute within the proxy command **"ssh bast.aws2.prod -W 192.168.12.169:22"** but it executes **"ssh bast.aws2.prod -W 192.168.12.echo %h | cut -d. -f1:22"** instead. ***What is the best way to pass the last octet to the value within the proxycommand?*** Alternative ways are welcome.

my zsh completion file _cssh has this line, which completes hosts only from /etc/hosts: '*:userhostport: _alternative hosts:host:_hosts usersathosts:userathost:_user_at_host' how do I make it complete hosts defined in my ~/.ssh/config, same as ssh does ? the full _ssh file is here I don't need to complete usernames. Just hostnames from /etc/hosts as well as hosts defined in ~/.ssh/config. Also, it is important that multiple hosts can be completed (cssh is cluster ssh and takes multiple hosts, unlike ssh)

I haven't found any browser that supports aliases defined in /etc/hosts even when single terms (without having to prepend in the browser with http://) are not interpreted as search terms for the default search engine (the case with badwolf browser ). Aliases work when prepended with http:// , e.g. http://bse but having to type http://defeats the purpuse of using them. Cloudflare does not allow to access bitcoin.stackexchange.com via an alias, defined as 172.64.144.30 bitcoin.stackexchange.com bse

Error 1003 Ray ID: 85750e9fc9b65e4d • 2024-02-18 08:56:29 UTC
Direct IP access not allowed
What happened?
You've requested an IP address that is part of the Cloudflare network. A valid Host header must be supplied to reach the desired website.

When I attempt to reach bitcoin.stackexchange.com I do not get any error from Cloudflare. 1. Am I sending a host header when attempting to reach bitcoin.stackexchange.com from a desktop PC with 172.64.144.30 bitcoin.stackexchange.com bse appended to /etc/hosts? 2. Why do I get different browser behaviour when attempting to reach http://bse and bitcoin.stackexchange.com in the browser? 3. Are there any settings in browsers such as Brave, Firefox (about:config ?), Chromium that I could apply to use my aliases seamlessly? Other than in /etc/hosts my DNS queries are resolved by by the home router as shown by the content of my /etc/resolv.conf

# Generated by Connection Manager
search home 
nameserver 192.168.1.1

The research I did is man hosts. The hypothetical purpose of appending 172.64.144.30 bitcoin.stackexchange.com bse to /etc/hosts is limiting the number of certain DNS queries (that may make my profiling seem too radical and hence result in targeted surveillence) to the dns server of my router. I am aware of the possibility of reverse-DNS-lookups but let this be outside of the scope of the question.

I want to know what is different between this two configuration : First :

127.0.0.1       localhost my-hostname
192.168.10.12   host-a a.com

Second :

127.0.0.1       localhost my-hostname
192.168.10.12   host-a 
192.168.10.12   a.com

What happened if i do not use aliases ?

zsh is great so far. I am using zsh-completions but still I am unable to get autocompletion for ssh commands like in bash as shown in below screenshot: How to get hostnames from /etc/hosts for **ssh | scp | telnet** command autocompletion in zsh shell ? Update 1: https://github.com/sunlei/zsh-ssh : This SSH completion offers a greater array of features in comparison to the default SSH completion.

Utilities like host and dig let you see the IP address corresponding to the host name. There is also the getent utility that can be used to query /etc/hosts or other NSS databases. I am looking for a convenient standard utility (which is available in Debian, say) which resolves a host name regardless of where it is defined. It should be more or less equivalent to ping "$HOST" | head -1 | perl -lne '/\((.*?)\)/ && print $1'

Is it possible to add a list of hosts that are only specific to a certain user? Perhaps a user-specific hosts file? This mechanism should also complement the entries in the /etc/hosts file.