[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #27 from Jakub Jelen ---
Created attachment 2859
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2859&action=edit
remove duplicate code from regress test

Not sure how this got in, but the code in the regress/cfginclude.sh is duplicated (unlike in the patch attached to this bugzilla), except for the umask part, set to the first copy, and the part

# Ensure that recursive includes are bounded.

which is only in the second copy. The attached patch removes the duplicate code.

No reopening, since it is not very critical, but it would be nice to have cleaned up :)

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

Damien Miller changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #26 from Damien Miller ---
Close all resolved bugs after 7.3p1 release
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #25 from Tomas Pospisek ---
Thanks to everybody who contributed patches and helped moving this feature into ssh. And in particular to Damien for applying patch and tests and including the feature!

Thanks
*t
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

Damien Miller changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2543
           Keywords|low-hanging-fruit           |
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #24 from Damien Miller ---
Slightly modified patch applied, this will be in openssh-7.3

commit dc7990be865450574c7940c9880567f5d2555b37
Author: d...@openbsd.org
Date:   Fri Apr 15 00:30:19 2016 +

    upstream commit

    Include directive for ssh_config(5); feedback & ok markus@

    Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff

commit 35f22dad263cce5c61d933ae439998cb965b8748
Author: d...@openbsd.org
Date:   Fri Apr 15 00:31:10 2016 +

    upstream commit

    regression test for ssh_config Include directive

    Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2543
[Bug 2543] Tracking bug for OpenSSH 7.3 release
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

Damien Miller changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1623|0                           |1
        is obsolete|                            |
   Attachment #2274|0                           |1
        is obsolete|                            |
   Attachment #2647|0                           |1
        is obsolete|                            |
                 CC|                            |d...@mindrot.org

--- Comment #22 from Damien Miller ---
Created attachment 2790
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2790&action=edit
Include support and regress test

There were a few problems with the previous patches, most due to host/match state persisting between files in non-intuitive ways. This diff covers all the cases that I can think of and adds a regression test.
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

Jakub Jelen jje...@redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jje...@redhat.com

--- Comment #20 from Jakub Jelen jje...@redhat.com ---
Created attachment 2647
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2647&action=edit
proposed patch for ssh config

I don't know why the function tilde_expand_filename is not used, which does exactly the same thing that you are implementing on these 80 lines.

It works fine for including a single file, but for conf.d use cases (described in #2351 and #1613) it would be great to have the possibility to include a whole directory. I massaged this patch to do so (tilde, wildcard) and I would like to open the discussion on this topic again.

There are a lot of users who would appreciate this feature in upstream, but no upstream response. This feature, especially if massaged for sshd_config (can be applied also for server with small change), would be really helpful for packaging specific configuration dependent on installed packages without rewriting the only config file.

To have the report complete, I link the Fedora feature request we were discussing recently: https://bugzilla.redhat.com/show_bug.cgi?id=1225752
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #21 from Tomas Pospisek tpo_...@sourcepole.ch ---
@Jakub Jelen specifically, but to the other people here in general as well.

I have not studied the proposed patches, but one problem that I am seeing in general with the approach is that once we start including/merging multiple configurations, we will start seeing conflicts of config options and overrides.

This does not *have to* be a big problem in specific cases, but it is a problem in the general case, when one starts mixing configuration bits coming from different sources with different trusts. ssh does not warn when you have twice the same setting with different options, so configuration snippets from your company can override your own settings without you noticing. It can change host settings. It can change security settings. It can change how ssh connects to where.

I myself am using a cat ~/.ssh/config.d/* ~/.ssh/config approach and that certainly works and is useful for me, but I have also been already bitten by the above mentioned problem once. It wasn't anything serious, but stuff did start behaving slightly unexpectedly until I noticed that an imported bit of ssh config had changed...
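[Added example, not part of the thread or of OpenSSH] A check for the silent-override problem raised in comment #21: ssh_config(5) uses the first value obtained for each option, so when snippets are concatenated in glob order an earlier file wins without any warning. The snippet names and contents below are constructed; Match blocks are not evaluated and Python's fnmatch only approximates ssh's host patterns.

```python
import fnmatch
import re

LINE_RE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")  # "Key value" or "Key=value"
# Options ssh accumulates rather than keeping only the first value
# (assumption: this short list is enough for the sample below).
MULTI_VALUED = {"identityfile", "certificatefile", "localforward",
                "remoteforward", "dynamicforward", "sendenv"}

# Constructed sample, in the order `cat ~/.ssh/config.d/*` would emit it.
SOURCES = [
    ("config.d/10-company", """\
Host *.corp.example
    User svc-deploy
    ProxyJump bastion.corp.example
    StrictHostKeyChecking no
"""),
    ("config.d/50-personal", """\
ForwardAgent no
Host build1.corp.example
    User alice
    StrictHostKeyChecking yes
Host *
    ServerAliveInterval 60
"""),
]


def host_matches(patterns, host):
    """A negated (!) match vetoes the Host line; otherwise one pattern must match."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive


def effective_options(sources, host):
    """Return {option: [(source, lineno, value), ...]} for lines applying to host."""
    seen = {}
    # Concatenation keeps Host state across file boundaries: a line at the
    # top of a later snippet lands in the previous snippet's last Host block.
    active = True
    for name, text in sources:
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            m = LINE_RE.match(line)
            if not m or line.startswith("#"):
                continue
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "host":
                active = host_matches(value.split(), host)
            elif key == "match":
                active = False  # Match blocks are not evaluated here
            elif active:
                seen.setdefault(key, []).append((name, lineno, value))
    return seen


def shadowed_settings(sources, host):
    """Return [(option, winner, losers)]: later, different values ssh ignores."""
    report = []
    for key, hits in effective_options(sources, host).items():
        if key in MULTI_VALUED:
            continue
        losers = [h for h in hits[1:] if h[2] != hits[0][2]]
        if losers:
            report.append((key, hits[0], losers))
    return report


if __name__ == "__main__":
    for key, winner, losers in shadowed_settings(SOURCES, "build1.corp.example"):
        print(f"{key}: {winner[0]}:{winner[1]} = {winner[2]!r} wins")
        for src, lineno, value in losers:
            print(f"    ignored {src}:{lineno} = {value!r}")
```

For the host you care about, `ssh -G hostname` (OpenSSH 6.8 and later) prints the values ssh actually resolved, which is the authoritative cross-check.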
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #19 from victor.engm...@gmail.com ---
(In reply to andrew from comment #18)
> Is there a better way to trigger this than in .bashrc?

.bashrc is easy and convenient, but it's not safe. Simply put, how do you guarantee that starting a terminal, `exec $SHELL` or simply running `bash` doesn't interfere with a background `ssh` process?

You should instead apply such changes at the *login* level, but that depends on how you start a login session. I use ~/.xprofile https://github.com/l0b0/tilde/blob/2247c76e4851eff63643b31179c0b1ca97e995fb/.xprofile, but that may not be appropriate for you.
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

Stefan s...@xxzz.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |s...@xxzz.de

--- Comment #17 from Stefan s...@xxzz.de ---
+1

I'm writing software that uses ssh-agent. And as ssh-agent does not support command line options, I can't make ssh use a config file within the application configuration directory using the -F parameter. I have to rewrite the config in the user home, which is a terrible thing. It would be way better to add an include to the application specific one that can then be managed by the application alone.
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #18 from and...@mcnaughty.com ---
I think this is an obviously useful thing to add to openssh, and I've yet to see any argument against it, but given that it's been 6 years I'm not holding my breath.

As a simple workaround, I'd suggest people create a directory called `.ssh/config.d`, touch `.ssh/config.d/00_empty` and add a line to their `.bashrc` like `cat .ssh/config.d/* .ssh/config`.

All of that could be done in the skeleton home directory for new users (on a Debian system, that's /etc/skel), or it could be done through a configuration management system like puppet if you use that.

This is slightly different to the include statement idea, but should cover most use cases. For the actual include statement approach, I'm sure it would be possible to do something similar as a pre-processed macro.

Is there a better way to trigger this than in .bashrc?
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

hvj...@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hvj...@gmail.com

--- Comment #16 from hvj...@gmail.com ---
++1

This gets even more needed as I'm managing multiple clients' systems, and they update/change their information/settings, and I need to update my config file trying to find where what is inserted. At least a directory with separate files for each client would've helped/solved that issue.

Not to mention to keep my laptop, home desktop and work jumphosts all in sync, or with only the specifics needed for the specific host/device, there the include files directives would be great and helpful.
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #15 from and...@mcnaughty.com ---
+1

The usefulness of this is increasing with the increasing use of automation in system administration. It's increasingly feasible to automate and distribute configuration files populated with host details, but there's no good way to integrate this with a user's own preferences.
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

Heikki Levanto heikkim...@lsd.dk changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |heikkim...@lsd.dk

--- Comment #12 from Heikki Levanto heikkim...@lsd.dk ---
+1

I would also like to see this feature. My use case is that we have a company-wide ssh_config for all our servers, and I need to have some for my own private things as well.

I think it would be even more cool to have a conf.d style directory, at least under /etc/ssh, so we could make a package that installs our company's file(s) there. But a simple include directive would solve all my immediate problems, either in /etc/ssh_config, and/or in ~/.ssh/config.
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #9 from amontero amont...@tinet.org ---
Another, FUSE-based solution (not tested myself): https://github.com/markhellewell/sshconfigfs
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #10 from Christian Kujau mind...@nerdbynature.de ---
While FUSE-based solutions are available, they're hardly portable and not available on most of the platforms listed on http://openssh.com/portable.html.

What does it take to convince the developers to include Gavin's patch into mainline?
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #8 from mind...@nerdbynature.de ---
Created attachment 2274
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2274&action=edit
Include option patch for OpenSSH 6.2

This is really just a modified version of Gavin Beatty's patch, slightly altered so it'll apply cleanly to OpenSSH 6.2 (i.e. yesterday's CVS checkout).
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

joshua.shaff...@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joshua.shaff...@gmail.com

--- Comment #7 from joshua.shaff...@gmail.com ---
+1
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

--- Comment #6 from amontero amont...@tinet.org ---
Definitely +1 to this!

An alternative (and more generic) approach would be doing this by intercepting .conf file reads (via FUSE?). After thinking a little about this and googling, I've found something that might be a good start: https://code.google.com/p/scriptfs/

@dkived: Maybe you can try this for your scenario and post how it works. I haven't tried it but looks like it can do the trick.
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

dki...@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dki...@gmail.com

--- Comment #5 from dki...@gmail.com ---
+1 here as well. I'm trying to set up a secure Apt archive using ssh to limit access. I'm also making a Debian package to set up access to the archive, so it would be nice to add the Host stanza to a separate file for maintenance reasons.

Methods such as using aliases/scripts to aggregate the various config files before execing ssh won't work for this, as apt-get is not going to call a shell-defined alias.

Guess I'm gonna have to fall back to my old method of using scripts to rewrite /etc/ssh/ssh_config - which is a horrible way to do things. This is precisely why pretty much every major Linux service uses config.d directories instead of monolithic config files. EXCEPT OPENSSH.

This request has now been ignored for 4 years. It would be nice to see some sort of response.
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

StalkR mind...@stalkr.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mind...@stalkr.net

--- Comment #4 from StalkR mind...@stalkr.net ---
+1
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

Tomas Pospisek tpo_...@sourcepole.ch changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tpo_...@sourcepole.ch

--- Comment #2 from Tomas Pospisek tpo_...@sourcepole.ch ---
+1

I needed just this today

The use case is the following:

* my employer is maintaining a ssh_config file that registers all machines
* I have some settings and hosts of my own

How do I usefully integrate those two files?
*t
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585

jakobhil...@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jakobhil...@gmail.com

--- Comment #1 from jakobhil...@gmail.com 2012-05-21 16:59:52 EST ---
+1

Would be a very, very useful feature. And I know a bunch of other devs who also need this.