1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • ssh config file not working as I think the man page describes

    From Chris Green@21:1/5 to All on Wed Nov 13 15:00:01 2024
    I have quite a long ~/.ssh/config file.

    I have been trying to rationalise it a bit and share bits that are
    common to several systems. So I have two sections referring to a
    host that I call 'caracal', the first is:-

    #
    #
    # Mythic Beasts hosting
    #
    Host mb caracal
    HostName caracal.mythic-beasts.com
    User chrisisbd

    ... and at the end of ~/.ssh/config:-

    #
    #
    # Options shared by non-root systems
    #
    Host cheddar halon caracal mb hostinger oasis41
    PermitLocalCommand=yes
    LocalCommand rsync --update --delete -a ~/.cfg/ %h:.cfg/
    AddKeysToAgent=yes

    #
    #
    # 'global' options
    #
    Host *
    User chris
    ~
    ~

    So, to my mind when I enter 'ssh caracal' at the command line the user
    name used by ssh should be chrisisbd as that's the first value for
    User that applies to caracal in the config file. But this isn't what
    happens, the user is set to 'chris':-

    chris$ ssh caracal
    chris@caracal.mythic-beasts.com's password:


    The man page for ssh_config says, right at the start: "For each
    parameter, the first obtained value will be used.". The caracal entry
    in the config file has definitely been found as ssh is trying to
    connect to caracal.mythic-beasts.com but the 'User chrisisbd' seems to
    be overriden by the 'User chris' at the bottom of the config file.
    Surely this isn't what the man page says?


    There is also another minor ambiguity that I don't quite understand.
    Near the top of the man page for 'Host' is says: "If more than one
    pattern is provided, they should be separated by whitespace." but in
    'PATTERNS' at the bottom it says: "A pattern-list is a comma-separated
    list of patterns."

    --
    Chris Green

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Greg Wooledge@21:1/5 to Chris Green on Wed Nov 13 15:30:01 2024
    On Wed, Nov 13, 2024 at 13:56:11 +0000, Chris Green wrote:
    ... and at the end of ~/.ssh/config:-
    #
    # 'global' options
    #
    Host *
    User chris
    ~
    ~

    chris$ ssh caracal
    chris@caracal.mythic-beasts.com's password:

    So put the "Host *" section at the top instead of at the bottom.


    The man page for ssh_config says, right at the start: "For each
    parameter, the first obtained value will be used.".

    Look at the context, though. That sentence comes right after a list
    of the files that are searched. I would assume that it only refers to parameters that occur in multiple files.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Chris Green@21:1/5 to Chris Green on Wed Nov 13 16:30:02 2024
    Chris Green <cl@isbd.net> wrote:
    I have quite a long ~/.ssh/config file.

    I have been trying to rationalise it a bit and share bits that are
    common to several systems. So I have two sections referring to a
    host that I call 'caracal', the first is:-

    #
    #
    # Mythic Beasts hosting
    #
    Host mb caracal
    HostName caracal.mythic-beasts.com
    User chrisisbd

    ... and at the end of ~/.ssh/config:-

    #
    #
    # Options shared by non-root systems
    #
    Host cheddar halon caracal mb hostinger oasis41
    PermitLocalCommand=yes
    LocalCommand rsync --update --delete -a ~/.cfg/ %h:.cfg/
    AddKeysToAgent=yes

    #
    #
    # 'global' options
    #
    Host *
    User chris
    ~
    ~

    So, to my mind when I enter 'ssh caracal' at the command line the user
    name used by ssh should be chrisisbd as that's the first value for
    User that applies to caracal in the config file. But this isn't what happens, the user is set to 'chris':-

    chris$ ssh caracal
    chris@caracal.mythic-beasts.com's password:


    The man page for ssh_config says, right at the start: "For each
    parameter, the first obtained value will be used.". The caracal entry
    in the config file has definitely been found as ssh is trying to
    connect to caracal.mythic-beasts.com but the 'User chrisisbd' seems to
    be overriden by the 'User chris' at the bottom of the config file.
    Surely this isn't what the man page says?

    It turned out that it was working as it should! What was confusing me
    was that "LocalCommand rsync --update --delete -a ~/.cfg/ %h:.cfg/",
    it was *that* using 'chris' rather than 'chrisisbd'. It was a simple
    enough thing to fix, change it to:-
    LocalCommand rsync --update --delete -a ~/.cfg/ %r@%h:.cfg/

    %r is the 'remote user name' as was needed.

    I.e the initial ssh was using 'chrisisbd' as it should, then the
    LocalCommand was using 'chris' and failed. When configured correctly
    I only get asked for the passphrase once because of the AddKeysToAgent
    setting.

    Sorry for the noise.

    --
    Chris Green
    ยท

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)