include in .ssh/config

Reported by Andrei Darashenka on 2011-03-21
This bug affects 15 people
Affects: portable OpenSSH. Status: Confirmed. Importance: Wishlist.
Affects: openssh (Ubuntu). Importance: Wishlist. Assigned to: Unassigned.

Bug Description

Could you implement sub-config including feature, please?
It's very useful to split a user config file into many pieces if you have many hosts.

Created attachment 1623
Attached is a patch for an almost complete implementation. All that remains is the "file not readable is not an error" logic.

Adding the following to your config file should read the named file in place.

Include "~/.ssh/config.customer1"

If the file is not found, only a warning should be given, like so:

warning("%s line %d: Include file \"%s\" not found - skipping.", ...);

~/ and ~username expansion should be available.

Andrei Darashenka (andry2) wrote :
tags: added: patch

It seems like this is a bug that has already been reported to the developers of OpenSSH. Please consider commenting in the upstream bug (https://bugzilla.mindrot.org/show_bug.cgi?id=1585) and proposing your patch, possibly integrating some of the work in the draft patch that is already included there.

Looks like there are some extra changes too, so that might need to be cleaned up.

Changed in openssh (Ubuntu):
status: New → Confirmed
importance: Undecided → Wishlist

+1 Would be a very, very useful feature. And I know a bunch of other devs who also need this.

Changed in openssh:
importance: Unknown → Wishlist
status: Unknown → Confirmed

+1 I needed just this today

The usecase is the following:

* my employer is maintaining a ssh_config file that registers all machines
* I have some settings and hosts of my own

How do I usefully integrate those two files?
*t

+1 This feature could be very useful.

@Tomas Pospisek : For now you can only do some cheat with a shell script.
For example, have your configuration files in ~/.ssh/config.d and make this type of alias:
alias ssh="cat ~/.ssh/config.d/* > ~/.ssh/config ; ssh"
It's my way to keep my config file up-to-date.

I subscribe to this ticket.

(In reply to comment #2)
> +1 I needed just this today
>
> The usecase is the following:
>
> * my employer is maintaining a ssh_config file that registers all
> machines
> * I have some settings and hosts of my own
>
> How do I usefully integrate those two files?
> *t

+1 here as well.

I'm trying to set up a secure Apt archive using ssh to limit access. I'm also making a Debian package to set up access to the archive, so it would be nice to add the Host stanza to a separate file for maintenance reasons.

Methods such as using aliases/scripts to aggregate the various config files before execing ssh won't work for this, as apt-get is not going to call a shell-defined alias.

Guess I'm gonna have to fall back to my old method of using scripts to rewrite /etc/ssh/ssh_config - which is a horrible way to do things. This is precisely why pretty much every major Linux service uses config.d directories instead of monolithic config files. EXCEPT OPENSSH.

This request has now been ignored for 4 years. It would be nice to see some sort of response.

Definitely +1 to this!

An alternative (and more generic) approach would be doing this by intercepting .conf file reads (via FUSE?). After thinking a little about this and googling, I've found something that might be a good start:
https://code.google.com/p/scriptfs/

@dkived: Maybe you can try this for your scenario and post how it works. I haven't tried it but looks like it can do the trick.

Created attachment 2274
Include option patch for OpenSSH 6.2

This is really just a modified version of Gavin Beatty's patch, slightly altered so it'll apply cleanly to OpenSSH 6.2 (i.e. yesterday's CVS checkout).

Another, FUSE-based solution (not tested myself):
https://github.com/markhellewell/sshconfigfs

While FUSE-based solutions are available, they're hardly portable and not available on most of the platforms listed on http://openssh.com/portable.html.

What does it take to convince the developers to include Gavin's patch into mainline?

2009 ? This bug is rather young, I am sure at least 10 years is mandatory to have something as complex as this integrated... There are even patches attached without even a comment on them.

As far as I can tell user interface is clearly not the focus of either OpenSSL or OpenSSH, just take a look at the OpenSSL api if you need convincing.

The funny thing is that if security is the concern here this is stupid since users will do things that may open a real security risk instead of relying on a proven built in Include which could just apply the same rules it uses when loading the main ".ssh/config".

What is preventing this from getting in ???
This is a really helpful feature if you want to work with generated files without destroying your main config file.
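
The config.d aggregation workaround from the comments, combined with the point that included files should get the same checks as the main config file, as an added example (not code from this thread or from OpenSSH). The function names and directory layout are assumptions; the owner and write-permission test is modelled on the check ssh applies to ~/.ssh/config, and symlinked fragments are rejected as well.

```shell
#!/bin/sh
# Added example: assemble an ssh config from fragments, skipping unsafe ones.
# Function names, layout and messages are illustrative assumptions.

# fragment_is_safe FILE
# True only for a regular file (not a symlink) owned by the current user
# and not writable by group or others.
fragment_is_safe() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# build_ssh_config FRAGMENT_DIR OUTPUT_FILE
# Returns 0 if every fragment was used, 1 if any was skipped, 2 on error.
build_ssh_config() {
    dir=$1
    out=$2
    skipped=0
    [ -d "$dir" ] || { echo "warning: $dir not found - skipping." >&2; return 2; }
    # mktemp creates the file with mode 0600; building in a temp file and
    # renaming means ssh never reads a half-written config.
    tmp=$(mktemp "$out.XXXXXX") || return 2
    for f in "$dir"/*; do
        # An empty directory leaves the glob unexpanded; skip that case.
        [ -e "$f" ] || [ -L "$f" ] || continue
        if fragment_is_safe "$f"; then
            printf '# --- from %s ---\n' "$f" >>"$tmp"
            cat "$f" >>"$tmp"
            printf '\n' >>"$tmp"
        else
            echo "warning: $f has bad owner, permissions or type - skipping." >&2
            skipped=1
        fi
    done
    mv -f "$tmp" "$out" || { rm -f "$tmp"; return 2; }
    return "$skipped"
}

# Usage: build_ssh_config "$HOME/.ssh/config.d" "$HOME/.ssh/config"
```

Unlike the alias, a fragment that another account can modify is left out of the generated file instead of being concatenated into it.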
