I'm trying to use the ssh client. I've created the following configs:

/home/pay/.ssh/config:
===========cut here==========
Host thtv.db?
User pva
Include ssh-config/*.ssh
===========cut here==========

/home/pay/.ssh/ssh-config/thtv.ssh:
===========cut here==========
Host thtv.enc1
Port 2249
HostName 10.0.200.18
===========cut here==========

But ssh is not able to "resolve" thtv.enc1:

$ ssh thtv.enc1 -vvv
OpenSSH_7.4p1, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /home/pay/.ssh/config
debug3: /home/pay/.ssh/config line 4: Including file /home/pay/.ssh/ssh-config/thtv.ssh depth 0 (parse only)
debug1: Reading configuration data /home/pay/.ssh/ssh-config/thtv.ssh
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "thtv.enc1" port 22
ssh: Could not resolve hostname thtv.enc1: Name or service not known
$

If I comment out the first two lines in .ssh/config (Host thtv.db? and the next line), ssh starts to Apply options for thtv.enc1 in the Included file and everything magically starts to work! Also, if I move the Host thtv.enc1 config to .ssh/config, everything starts to work as well.
There is a problem, that the semantics of Include is evaluated after the Match block. This basically means that the `ssh-config/*.ssh` is included only if the host matches `thtv.db?`. It is clearly communicated in the manual page for ssh_config:

> Include directive may appear inside a Match or Host block to perform conditional inclusion.

Your configuration files should look like below to include the file unconditionally:

/home/pay/.ssh/config:
===========cut here==========
Include ssh-config/*.ssh
Host thtv.db?
User pva
===========cut here==========

/home/pay/.ssh/ssh-config/thtv.ssh:
===========cut here==========
Host thtv.enc1
Port 2249
HostName 10.0.200.18
===========cut here==========
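Added example (not part of the original thread and not OpenSSH code): a small Python check that reports every Include in a single config file together with the Host or Match block it falls under, so conditional inclusion like the one described above is visible before ssh silently skips it. The function names, the treatment of `Host *` and `Match all` as always matching, and the sample configs (constructed from the ones in this thread) are assumptions of this sketch; it does not follow the included files themselves.

```python
import re

# ssh_config lines are "Keyword args" or "Keyword=args"; keywords are case-insensitive.
_LINE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$")

def find_includes(config_text):
    """Return (line_no, include_args, governing_block) for each Include.

    governing_block is None when the Include precedes any Host/Match line,
    which means it is applied for every host.
    """
    block = None
    results = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        m = _LINE.match(raw)
        if not m:
            continue
        keyword, args = m.group(1).lower(), m.group(2)
        if keyword in ("host", "match"):
            block = f"{keyword.capitalize()} {args}"  # a new block starts here
        elif keyword == "include":
            results.append((line_no, args, block))
    return results

def conditional_includes(config_text):
    """Includes that only take effect when their Host/Match block matches."""
    always = {"host *", "match all"}  # assumption: these match every host
    return [r for r in find_includes(config_text)
            if r[2] is not None and r[2].lower() not in always]

# Constructed samples mirroring the configs discussed in this thread.
ORIGINAL = "Host thtv.db?\nUser pva\nInclude ssh-config/*.ssh\n"
FIXED = "Include ssh-config/*.ssh\nHost thtv.db?\nUser pva\n"
WORKAROUND = "Host thtv.db?\nUser pva\nHost *\nInclude ssh-config/*.ssh\n"

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED),
                      ("workaround", WORKAROUND)):
        hits = conditional_includes(cfg)
        if not hits:
            print(f"{name}: all Include directives apply to every host")
        for line_no, args, block in hits:
            print(f"{name}: line {line_no}: Include {args} "
                  f"only applies inside '{block}'")
```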
Thank you very much for the clarification! I need to define users for Hosts before the Include'd configs, since those configs define "default" users as well. So I'll use

Host *
Include ssh-config/*.ssh

Yet this is not evident, since the debug log clearly states that the configs are read, but then they are silently not applied. Not self-evident, but I see. I'll leave the resolution up to you guys.
Well, the debug log says "(parse only)":

debug3: ~/.ssh/config line 4: Including file ~/.ssh/ssh-config/thtv.ssh depth 0 (parse only)

It is not present in case the included file is parsed and used:

debug3: ~/.ssh/config line 4: Including file ~/.ssh/ssh-config/thtv.ssh depth 0

It might not be completely clear what "parse only" means but with the clarification in manual page it sounds pretty clear to me (but I was here with the birth of this option). Improvements for both log and manual pages are always welcomed.
Jakub, I think it would be more evident not to read and parse the file at all if it will not be used later. Also, for very large ssh configs this could add some performance gain :) But as I said, for me this issue is resolved and I'll update the status as is. I was not attentive enough while reading the documentation. Thank you, guys, for your help!
Close all resolved bugs after release of OpenSSH 7.7.