[Bug 3726] New: `Include` in a file included in a Host-block
bugzilla-daemon at mindrot.org
Sat Aug 31 13:33:03 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3726
Bug ID: 3726
Summary: `Include` in a file included in a Host-block
Product: Portable OpenSSH
Version: 9.8p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.org
Hey.
I've recently stumbled over the systemd-ssh-generator feature and its
friend /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf which is per
default Included in many ssh_configs.
Not so in mine, where I only explicitly include files and not glob
patterns from the /etc/ssh/sshd?_config.d directories.
So I've added a manual Include
/etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf in my .ssh/config
And whether that worked depended upon whether I included it either in the
very top of the file (which I assume is as it's in a Host * block) or
in an explicit Host * block.
If I included it "in" another block it didn't work.
Now that's in principle documented in ssh_config(5) in the Include
directive, but what's not mentioned there and IMO ambiguous is:
What if the included file (here
/etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf) contains itself a Host
block?
It does *not* seem - as one would expect - that these actually start a
new Host block, but instead they seem to be accounted for the one in
which the file is included.
Either that's a bug, or there should IMO at least be some warning, that
the whole (included) block will be ignored, or it should be documented
that there are "sub" Host blocks (which I think there are not).
Cheers,
Chris.
btw. 20-systemd-ssh-proxy.conf:
Host unix/* vsock/*
    ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
    ProxyUseFdpass yes
    CheckHostIP no
    # Disable all kinds of host identity checks, since these addresses are generally ephemeral.
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
# Allow connecting to the local host directly via ".host"
Host .host
    ProxyCommand /usr/lib/systemd/systemd-ssh-proxy unix/run/ssh-unix-local/socket %p
    ProxyUseFdpass yes
    CheckHostIP no
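A simplified model of the behaviour this report describes, added here as an illustration and not OpenSSH's own code: a Host line inside an included file can only match when the block containing the Include is itself active, so the placement of the Include decides whether settings such as `StrictHostKeyChecking no` apply. The file names, the in-memory `FILES` table and `resolve()` are assumptions made for the example; negated patterns and Match blocks are not modelled.

```python
import fnmatch

# Constructed stand-ins for the files in the report (held in memory, not read from disk).
FILES = {
    "proxy.conf": "Host unix/* vsock/*\n"
                  "  ProxyCommand systemd-ssh-proxy %h %p\n"
                  "  StrictHostKeyChecking no\n",
    "top":   "Include proxy.conf\n",                              # Include before any Host line
    "star":  "Host *\n  Include proxy.conf\n",                    # Include inside Host *
    "other": "Host example.org\n  Include proxy.conf\n  User alice\n",
}

def resolve(name, host, opts=None, active=True, never=False):
    """Return the options that apply to `host`; the first value seen wins."""
    opts = {} if opts is None else opts
    for line in FILES[name].splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, arg = line.partition(" ")
        key, arg = key.lower(), arg.strip()
        if key == "host":
            # A Host line re-decides activity, unless an inactive parent block forbids matching.
            active = not never and any(fnmatch.fnmatchcase(host, p) for p in arg.split())
        elif key == "include":
            # Host lines in the included file can only match if this block is active;
            # afterwards this file carries on in its own, unchanged state.
            resolve(arg, host, opts, active, never or not active)
        elif active:
            opts.setdefault(key, arg)
    return opts

if __name__ == "__main__":
    for cfg in ("top", "star", "other"):
        print(cfg, resolve(cfg, "unix/run/x.sock"))
```

On a real system, `ssh -G <host>` prints the options the client actually resolves for a host and is the authoritative check.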