| Summary: | .ssh/config: Host * overrides included files | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | mindrot |
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED INVALID | | |
| Severity: | trivial | CC: | djm, mindrot |
| Priority: | P5 | | |
| Version: | 7.5p1 | | |
| Hardware: | amd64 | | |
| OS: | Linux | | |
I think the problem is that your configuration now is effectively:

> Host *
> User userB
> Include ~/.ssh/a_host

I.e. you're conditionally including the a_host file after you set userB.

If you change the order to

> Include ~/.ssh/a_host
>
> Host *
> User userB

Then you should get the behaviour that you desire.

(In reply to Damien Miller from comment #1)
> If you change the order to
>
> > Include ~/.ssh/a_host
> >
> > Host *
> > User userB
>
> Then you should get the behaviour that you desire.

Unfortunately that makes host `a' "disappear", `ssh a' will not work anymore, which is what I meant in the end of my post.

(In reply to mindrot from comment #2)
> Unfortunately that makes host `a' "disappear", `ssh a' will not work
> anymore, which is what I meant in the end of my post.

You'll need to include a debug trace ("ssh -vvv user@a") to figure out what's going on here.

Created attachment 3000
ssh -vvv a, on 7.5p1

(In reply to Damien Miller from comment #3)
> You'll need to include a debug trace ("ssh -vvv user@a") to figure
> out what's going on here.

Sorry, I should have included it from the get go. I attached the output of `ssh -vvv a' for both Host * then Include and Include then Host *.

I can't reproduce that behaviour. With ~/.ssh/config containing:
-----------
Include ~/.ssh/config_a
Host *
User bar
-----------
... and ~/.ssh/config_a containing:
-----------
Host a
Hostname 192.168.0.1
User foo
-----------
I get the following log messages:
> OpenSSH_7.5, LibreSSL 2.6.0
> debug1: Reading configuration data /home/djm/.ssh/config
> debug3: /home/djm/.ssh/config line 1: Including file /home/djm/.ssh/config_a depth 0
> debug1: Reading configuration data /home/djm/.ssh/config_a
> debug1: /home/djm/.ssh/config_a line 1: Applying options for a
> debug1: /home/djm/.ssh/config line 3: Applying options for *
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: resolving "192.168.0.1" port 22
This differs from your trace:
> Include then Host *:
> $ ssh -vvv a
> OpenSSH_7.5p1, OpenSSL 1.1.0f 25 May 2017
> debug1: Reading configuration data /home/ashka/.ssh/config
> debug3: /home/ashka/.ssh/config line 64: Including file /home/ashka/.ssh/a_host depth 0 (parse only)
You aren't showing your full ~/.ssh/config file, but I can see that there are 64 lines of other stuff before it actually gets to the Include directive.
I bet one of those is another Host or Match line, and the Include is being made conditional on it. That's what the "(parse only)" means - that the file is being read and checked for syntax, but its contents are ignored because it's in a Match/Host statement that didn't match.
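The evaluation order described in the comment above, as an added example (a simplified model written for this page, not OpenSSH's code): the first value obtained for an option wins, and an Include placed under a Host block that does not match is read as "parse only". The file names and the `Host other` / `User userC` block are constructed stand-ins; `Match`, negated patterns and globbed Include paths are not modelled.

```python
from fnmatch import fnmatchcase

# Constructed sample files modelled on the layouts discussed in this report.
FILES = {
    "a_host": "Host a\nHostname a.b.c\nUser userA\n",
    "host_star_first": "Host *\nUser userB\nInclude a_host\n",
    "include_first": "Include a_host\nHost *\nUser userB\n",
    "include_after_other_host":
        "Host other\nUser userC\nInclude a_host\nHost *\nUser userB\n",
}

def resolve(name, target, opts=None, active=True, trace=None):
    """Simplified model of ssh_config evaluation for `ssh target`.

    Returns (options, include trace). Only Host, Include and plain
    keyword/value lines are handled.
    """
    opts = {} if opts is None else opts
    trace = [] if trace is None else trace
    outer = active  # state inherited from the including file
    for line in FILES[name].splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "host":
            # A Host line gates every following line until the next Host line.
            active = outer and any(fnmatchcase(target, p) for p in args)
        elif key == "include":
            # Include is an ordinary directive: under a non-matching block
            # the file is still read, but none of its options are applied.
            trace.append(args[0] + ("" if active else " (parse only)"))
            resolve(args[0], target, opts, active, trace)
        elif active:
            opts.setdefault(key, args[0])  # first obtained value wins
    return opts, trace

def effective(name, target):
    """Return (user, hostname, include trace) for a top-level file and target."""
    opts, trace = resolve(name, target)
    return opts.get("user"), opts.get("hostname", target), trace

if __name__ == "__main__":
    for cfg in ("host_star_first", "include_first", "include_after_other_host"):
        print(cfg, effective(cfg, "a"))
```

In the third layout the hostname stays `a`, which is the "disappearing" host from the report: the included block was parsed but never applied.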
(In reply to Damien Miller from comment #5)
> I can't reproduce that behaviour.
> [...]
> You aren't showing your full ~/.ssh/config file, but I can see that there are 64 lines of other stuff before it actually gets to the Include directive.

Indeed, I thought that other hosts in the same file before the Include did not affect it, but I had no idea Include was conditional (aka. ignored after a Host block if the Host does not match). Sorry for the waste of time.

Close all resolved bugs after release of OpenSSH 7.7.
Hi,

When a file is included, and that .ssh/config contains a "Host *" section, properties (like User) that should be overridden in included files are not.

Reproduction steps:

- Create the following .ssh/config:

    Host a
    Hostname a.b.c
    User userA
    Host *
    User userB

- `ssh a' should log in to userA@a.b.c, `ssh b.c.d' should log in to userB@b.c.d
- Move the `a' host into an included file to have the following .ssh/config:

    Host *
    User userB
    Include ~/.ssh/a_host

- `ssh a' will try to log in to userB@a.b.c instead of userA@a.b.c.

Expected result: `ssh a' should log in to userA@a.b.c anyway since there is a User line in its Host definition and that works when not included.

I have read online that the "Host *" should be at the end of the file, which works fine in the first example, however in the example with the Include, doing that "deletes" the included Hosts; having Include then User would make `ssh a' not work (unresolved hostname), as if there was no entry.

ssh -V: OpenSSH_7.5p1, OpenSSL 1.1.0f 25 May 2017