Bug 2829

Summary: ssh.c:process_config_files and readconf.c:process_config_line_depth interpret ~ differently
Product: Portable OpenSSH
Reporter: Martin von Wittich <martin.von.wittich>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: enhancement
Priority: P5
Version: 7.4p1
Hardware: amd64
OS: Linux

Description Martin von Wittich 2018-02-01 06:44:39 AEDT
In our company, we use multiple root accounts (that is, accounts with uid 0) with different user names and home directories for remote administration purposes. This is mainly so that each user can have his own personal home directory for configs etc.

Unfortunately, when reading ~/.ssh/config, ssh interprets ~ as the home directory specified in /etc/passwd for the current user's uid. This causes it to always read /root/.ssh/config instead of my own personal config $HOME/.ssh/config. I do not know for sure if this behavior is intentional, but I suspect this might be for security reasons (so as not to trust $HOME?). I would very much appreciate it if this behavior could be changed (most other programs will use $HOME), but I would of course understand if that's not going to happen.

While reading in the code I discovered something interesting though. There is a glob() function in openbsd-compat/glob.c that does interpret ~ as $HOME, and via grep I've figured out that readconf.c uses this function when parsing Include statements. To test this, I created the following /root/.ssh/config:

server ~ # cat /root/.ssh/config 
Include ~/.ssh/config

And sure enough, now ssh will happily read my ~/.ssh/config:

server ~ # ssh -v example.com
OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /var/lib/iserv/remote-support/iserv-martin.von.wittich/.ssh/config
debug1: /var/lib/iserv/remote-support/iserv-martin.von.wittich/.ssh/config line 1: Applying options for example.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *

I'm still hoping that the ssh behaviour might be changed so that it will interpret ~ as $HOME, but if ssh does in fact shun $HOME for security reasons, then Include should probably behave the same way.
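The two lookups side by side, as an added illustration that is not code from the report or from OpenSSH: the passwd-based rule (what ssh.c does for the main config) next to a glob(3) GLOB_TILDE lookup (what the Include path goes through), run against a constructed $HOME under /tmp so the divergence can be observed without touching a real account. The function names and the temporary directory layout are assumptions of this example.

```c
#define _GNU_SOURCE
#include <glob.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* ssh.c rule: "~" is the passwd home of the current uid; $HOME is ignored. */
int expand_tilde_passwd(const char *rest, char *out, size_t n)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || pw->pw_dir == NULL)
        return -1;                        /* uid has no passwd entry */
    snprintf(out, n, "%s%s", pw->pw_dir, rest);
    return 0;
}

/* readconf.c Include rule: glob(3) with GLOB_TILDE, which tries $HOME first. */
int expand_tilde_glob(const char *pattern, char *out, size_t n)
{
    glob_t g = {0};
    int found = glob(pattern, GLOB_TILDE, NULL, &g) == 0 && g.gl_pathc > 0;
    if (found)
        snprintf(out, n, "%s", g.gl_pathv[0]);
    globfree(&g);
    return found ? 0 : -1;
}

/* Constructed scenario: $HOME points at a fresh directory holding .ssh/config.
 * Returns 1 if the two rules resolve "~" differently, 0 if not, -1 on setup error. */
int tilde_rules_diverge(void)
{
    char home[] = "/tmp/tilde-demo-XXXXXX", dir[4096], cfg[4096], g[4096], p[4096];
    FILE *f;
    if (mkdtemp(home) == NULL) return -1;
    snprintf(dir, sizeof dir, "%s/.ssh", home);
    snprintf(cfg, sizeof cfg, "%s/config", dir);
    if (mkdir(dir, 0700) != 0 || (f = fopen(cfg, "w")) == NULL) return -1;
    fputs("Host example.com\n", f);       /* constructed sample content */
    fclose(f);
    setenv("HOME", home, 1);
    int diverge = expand_tilde_glob("~/.ssh/config", g, sizeof g) == 0
        && strcmp(g, cfg) == 0            /* Include rule followed $HOME ... */
        && (expand_tilde_passwd("/.ssh/config", p, sizeof p) != 0
            || strcmp(p, cfg) != 0);      /* ... while the ssh.c rule did not */
    unlink(cfg); rmdir(dir); rmdir(home); /* remove the constructed tree */
    return diverge;
}
```

The same comparison, $HOME against the passwd home of the effective uid, is a quick check for whether a shared-uid setup like the one described will have ssh read a config file other than the one the operator expects.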