Hi, When a file is included, and that .ssh/config contains a "Host *" section, properties (like User) that should be overriden in included files are not. Reproduction steps: - Create the following .ssh/config: Host a Hostname a.b.c User userA Host * User userB - `ssh a' should log in to userA@a.b.c, `ssh b.c.d' should log in to userB@b.c.d' - Move the `a' host into an included file to have the following .ssh/config: Host * User userB Include ~/.ssh/a_host - `ssh a' will try to log in to userB@a.b.c instead of userA@a.b.c. Expected result: `ssh a' should log in to userA@a.b.c anyway since there is an User line in its Host definition and that that works when not included. I have read online that the "Host *" should be at the end of the file, which works fine in the first example, however in the example with the Include, doing that "deletes" the included Hosts; having Include then User would make `ssh a' not work (unresolved hostname), as if there was no entry. ssh -V: OpenSSH_7.5p1, OpenSSL 1.1.0f 25 May 2017
I think the problem is that your configuration now is effectively: > Host * > User userB > Include ~/.ssh/a_host I.e. you're conditionally including the a_host file after you set userB. If you change the order to > Include ~/.ssh/a_host > > Host * > User userB Then you should get the behaviour that you desire.
(In reply to Damien Miller from comment #1) > If you change the order to > > > Include ~/.ssh/a_host > > > > Host * > > User userB > > Then you should get the behaviour that you desire. Unfortunately that makes host `a' "disappear", `ssh a' will not work anymore, which is what I meant in the end of my post.
(In reply to mindrot from comment #2) > Unfortunately that makes host `a' "disappear", `ssh a' will not work > anymore, which is what I meant in the end of my post. You'll need to include a debug trace ("ssh -vvv user@a") to figure out what's going on here.
Created attachment 3000 [details] ssh -vvv a, on 7.5p1 (In reply to Damien Miller from comment #3) > You'll need to include a debug trace ("ssh -vvv user@a") to figure > out what's going on here. Sorry, I should have included it from the get go. I attached the output of `ssh -vvv a' for both Host * then Include and Include then Host *.
I can't reproduce that behaviour. With ~/.ssh/config containing: ----------- Include ~/.ssh/config_a Host * User bar ----------- ... and ~/.ssh/config_a containing: ----------- Host a Hostname 192.168.0.1 User foo ----------- I get the following log messages: > OpenSSH_7.5, LibreSSL 2.6.0 > debug1: Reading configuration data /home/djm/.ssh/config > debug3: /home/djm/.ssh/config line 1: Including file /home/djm/.ssh/config_a depth 0 > debug1: Reading configuration data /home/djm/.ssh/config_a > debug1: /home/djm/.ssh/config_a line 1: Applying options for a > debug1: /home/djm/.ssh/config line 3: Applying options for * > debug1: Reading configuration data /etc/ssh/ssh_config > debug2: resolving "192.168.0.1" port 22 This differs from your trace: > Include then Host *: > $ ssh -vvv a > OpenSSH_7.5p1, OpenSSL 1.1.0f 25 May 2017 > debug1: Reading configuration data /home/ashka/.ssh/config > debug3: /home/ashka/.ssh/config line 64: Including file /home/ashka/.ssh/a_host depth 0 (parse only) You aren't showing your full ~/.ssh/config file, but I can see that there are 64 lines of other stuff before it actually gets to the Include directive. I bet one of those is another Host or Match line, and the Include is being made conditional on it. That's what the "(parse only)" means - that the file is being read and checked for syntax, but its contents are ignored because it's in a Match/Host statement that didn't match.
(In reply to Damien Miller from comment #5) > I can't reproduce that behaviour. [...] You aren't showing your full ~/.ssh/config file, but I can see that there are 64 lines of other stuff before it actually gets to the Include directive. Indeed, I thought that other hosts in the same file before the Include did not affect it, but I had no idea Include was conditional (aka. ignored after a Host block if the Host does not match). Sorry for the waste of time.
Close all resolved bugs after release of OpenSSH 7.7.