What's wrong with my OpenSSH Include directive?

Figured it out myself. The clue was in the ssh_config man page:

 Include
         Include the specified configuration file(s).  Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like
         ``~'' references to user home directories.  Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from
         the system configuration file.  Include directive may appear inside a Match or Host block to perform conditional inclusion.

I had my Include statement trailing a Host directive so it was being included into that Host's config.


You can leave the Include statement at the end of the file if you precede it with Match all. This terminates the previous Host/Match, and then conditionally always includes the file(s). So, the file would end with:

Match all
Include config.d/*

actually no. It's a short-circuit bug in the SSHCONF_NEVERMATCH flag's use. I'm working on diffs to fix the mess. Includes should be able to go anywhere (and also be recursive) be it main body or inside a Host|Match block. The only tricky bit is knowing when you've unrolled the stack of read_config_file_depth() and can resume processing Host|Match again.

I'll be posting to my branch when I have something.

Tags:

Macos

Ssh

Openssh