Bug 2693 - ssh: Include'ed host is not resolved by ssh
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 7.4p1
Hardware: amd64 Linux
Importance: P5 normal
Assignee: Assigned to nobody
Reported: 2017-03-15 18:21 AEDT by pva
Modified: 2018-04-06 12:26 AEST

Description pva 2017-03-15 18:21:01 AEDT
I'm trying to use the ssh client. I've created the following configs:

/home/pay/.ssh/config:
===========cut here==========
Host thtv.db?
    User pva

Include ssh-config/*.ssh
===========cut here==========

/home/pay/.ssh/ssh-config/thtv.ssh:
===========cut here==========
Host thtv.enc1
    Port 2249
    HostName 10.0.200.18
===========cut here==========

But ssh is not able to "resolve" thtv.enc1:

$ ssh thtv.enc1 -vvv
OpenSSH_7.4p1, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /home/pay/.ssh/config
debug3: /home/pay/.ssh/config line 4: Including file /home/pay/.ssh/ssh-config/thtv.ssh depth 0 (parse only)
debug1: Reading configuration data /home/pay/.ssh/ssh-config/thtv.ssh
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "thtv.enc1" port 22
ssh: Could not resolve hostname thtv.enc1: Name or service not known
$ 


If I comment out the first two lines in .ssh/config (Host thtv.db? and the next line), ssh starts to apply options for thtv.enc1 in the Included file and everything magically starts to work! Also, if I move the Host thtv.enc1 config to .ssh/config, everything starts to work as well.
Comment 1 Jakub Jelen 2017-03-15 18:39:28 AEDT
There is a problem: the semantics of Include are evaluated after the Match block. This basically means that `ssh-config/*.ssh` is included only if the host matches `thtv.db?`

It is clearly communicated in the manual page for ssh_config:

> Include directive may appear inside a Match or Host block to perform conditional inclusion.

Your configuration files should look like below to include the file unconditionally:

/home/pay/.ssh/config:
===========cut here==========
Include ssh-config/*.ssh
Host thtv.db?
    User pva
===========cut here==========

/home/pay/.ssh/ssh-config/thtv.ssh:
===========cut here==========
Host thtv.enc1
    Port 2249
    HostName 10.0.200.18
===========cut here==========
Comment 2 pva 2017-03-15 18:51:02 AEDT
Thank you very much for the clarification! I need to define users for Hosts before the Include'd configs, since those configs define "default" users as well. So I'll use

Host *
    Include ssh-config/*.ssh

Yet this is not evident, since the debug log clearly states that the configs are read, but then they are silently not applied. Not self-evident, but I see. I'll leave the resolution up to you guys.
Comment 3 Jakub Jelen 2017-03-15 23:14:45 AEDT
Well, the debug log says "(parse only)":

  debug3: ~/.ssh/config line 4: Including file ~/.ssh/ssh-config/thtv.ssh depth 0 (parse only)

It is not present in case the included file is parsed and used:

  debug3: ~/.ssh/config line 4: Including file ~/.ssh/ssh-config/thtv.ssh depth 0

It might not be completely clear what "parse only" means, but with the clarification in the manual page it sounds pretty clear to me (but I was here at the birth of this option). Improvements to both the log and the manual pages are always welcome.
Comment 4 pva 2017-03-16 03:07:27 AEDT
Jakub, I think it would be more evident not to read and parse the file at all if it will not be used later. Also, for very large ssh configs this could add some performance gain :) But as I said, for me this issue is resolved and I'll update the status as is. I was not attentive enough while reading the documentation.

Thank you, guys, for your help!
Comment 5 Damien Miller 2018-04-06 12:26:48 AEST
Close all resolved bugs after release of OpenSSH 7.7.
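
The Host-block scoping of Include described in Comments 1 to 3 can be checked before relying on an included file for settings. The following is an added example, not OpenSSH code and not from anyone in this thread: a simplified model (Host patterns only, no Match, files supplied as a dict) run over constructed sample configs based on the report.

```python
import fnmatch

# Constructed sample configs modelled on the report; keys stand in for file paths.
BROKEN = {
    "config": "Host thtv.db?\n    User pva\n\nInclude ssh-config/*.ssh\n",
    "ssh-config/thtv.ssh": "Host thtv.enc1\n    Port 2249\n    HostName 10.0.200.18\n",
}
# Same files with the Include moved above the first Host line (Comment 1).
FIXED = dict(BROKEN, config="Include ssh-config/*.ssh\nHost thtv.db?\n    User pva\n")


def host_matches(patterns, host):
    """True if a positive pattern matches and no negated (!) pattern does.
    fnmatch approximates ssh_config's * and ? wildcards (assumption)."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))


def evaluate(files, host, name="config", active=True, never_match=False,
             opts=None, skipped=None):
    """Return (options applied to host, included files that were parse-only)."""
    opts = {} if opts is None else opts
    skipped = [] if skipped is None else skipped
    for raw in files[name].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        key = key.lower()
        if key == "host":
            # Inside a parse-only include no Host line can become active.
            active = not never_match and host_matches(value.split(), host)
        elif key == "include":
            for inc in sorted(f for f in files if fnmatch.fnmatchcase(f, value)):
                if not active:
                    skipped.append(inc)
                # The included file starts in the enclosing block's state; the
                # caller's own state is unchanged when the include returns.
                evaluate(files, host, inc, active, never_match or not active,
                         opts, skipped)
        elif active:
            opts.setdefault(key, value)  # first value obtained wins
    return opts, skipped


if __name__ == "__main__":
    for label, files in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, evaluate(files, "thtv.enc1"))
```

On a real system, `ssh -G thtv.enc1` prints the options ssh would actually apply for that host, which gives the same answer without opening a connection.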