我的OpenSSH Include指令怎么了?

12

最近,macOS Sierra上的OpenSSH已升级到7.3p1 ,这意味着Includeconfig指令可用,谢谢!

但是我在实际使用它时遇到了问题。

我有以下内容~/.ssh/config

Host github.com
Hostname github.com
User git
IdentityFile ~/.ssh/keys/github_rsa

Host den
HostName narzt-desktop.local
User camden
GSSAPIAuthentication no
AddressFamily inet

Host walle
User CamdenNarzt
HostName WALLE.local
AddressFamily inet
GSSAPIAuthentication no

Include ~/.ssh/config.d/*

我在这里看到,如果我-v在ssh命令中添加了一堆标志,可能会有一些有用的调试输出,但是当我在包含的文件之一中测试主机的配置时,我得到了:

$ \ssh -vvvvG git-codecommit.us-east-1.amazonaws.com
OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /Users/camdennarzt/.ssh/config
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/family.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/family.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/icloud.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/icloud.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/metabolistics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/metabolistics.conf
debug3: /Users/camdennarzt/.ssh/config line 31: Including file /Users/camdennarzt/.ssh/config.d/scanimetrics.conf depth 0 (parse only)
debug1: Reading configuration data /Users/camdennarzt/.ssh/config.d/scanimetrics.conf
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
user camdennarzt
hostname git-codecommit.us-east-1.amazonaws.com
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
protocol 2
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
rhostsrsaauthentication no
rsaauthentication yes
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
useprivilegedport no
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
compressionlevel 6
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel DEBUG3
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /opt/X11/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
sendenv LANG
sendenv LC_*
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177

(忽略第一行的行号,我删除了一些注释以节省问题空间)用户应该是~/.ssh/config.d/metabolistics.conf文件中指定的用户,身份文件也应该是包含的配置文件中指定的用户。我无法发布~/.ssh/config.d/metabolistics.conf文件的内容,但是它的格式与主~/.ssh/config文件完全相同,但是没有任何进一步的包含。

我检查了权限,它们对我来说看起来不错:

$ ls -lhRa ~/.ssh/config* 
-rw-------  1 camdennarzt  staff   541B  1 Jan 14:22 /Users/camdennarzt/.ssh/config

/Users/camdennarzt/.ssh/config.d:
total 32
drwxr-xr-x  6 camdennarzt  staff   204B  1 Jan 14:37 .
drwx------  9 camdennarzt  staff   306B  1 Jan 14:22 ..
-rw-------  1 camdennarzt  staff   260B  1 Jan 14:16 family.conf
-rw-------  1 camdennarzt  staff   303B  1 Jan 14:17 icloud.conf
-rw-------  1 camdennarzt  staff   524B  1 Jan 14:15 metabolistics.conf
-rw-------  1 camdennarzt  staff   1.6K  1 Jan 14:15 scanimetrics.conf
macos  ssh  openssh 
卡姆登·纳兹特(Camden Narzt)
source

Answers:

20

我自己想通了。线索在ssh_config手册页中:

 Include
         Include the specified configuration file(s).  Multiple pathnames may be specified and each pathname may contain glob(3) wildcards and, for user configurations, shell-like
         ``~'' references to user home directories.  Files without absolute paths are assumed to be in ~/.ssh if included in a user configuration file or /etc/ssh if included from
         the system configuration file.  Include directive may appear inside a Match or Host block to perform conditional inclusion.

我的Include语句后面有一条Host指令,因此该指令已包含在该主机的配置中。

卡姆登·纳兹特(Camden Narzt)
source
8
换句话说,Include指令必须转到config文件的顶部(在由Host块组成的“主体”之前)
lucianf
1
谢谢,虽然这确实是从文档中得出的,但是当试图弄清为什么配置不起作用时,并不能立即看出来:)
larsks 18-10-15
1

其实没有 这是SSHCONF_NEVERMATCH标志使用中的短路错误。我正在研究差异修复问题。Include应该可以在主体或Host | Match块内的任何地方(也可以递归)使用。唯一棘手的一点是,您知道何时展开了read_config_file_depth()堆栈并可以重新开始处理Host | Match。

我有东西的时候会张贴到我的分支机构

马特
source
1

如果将Include语句放在文件末尾,则可以将其保留在文件末尾Match all。这将终止先前的主机/匹配,然后有条件地始终包含文件。因此,该文件将以:

Match all
Include config.d/*
依里丹
source
顺便说一句,只有以#空行开头或空行才算作注释。您不能在Match或的同一行中添加评论Host
Iiridayn
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.